Posts Tagged IoT

Rising Security Threats

Cybersecurity threats are not new; however, they have gained momentum as the intensity and volume of attacks has increased in recent years. A mix of sophisticated old threats and new zero-day attacks have given rise to the need for new cyber security techniques.

In order to formulate effective cyber security strategies, it is important to understand different types of rising security threats:

  1. Insecure API: API refers to Application Programing & User Interface. When an organization sources a cloud service from a service provider, the interface is not used by a single client. It is shared by numerous other users; thus, the organization cannot control the security of interface. As a client, organizations should make sure that the service provider incorporates stringent security measures starting from authentication to encryption.
  2. Direct Data Center & Cloud Attacks: The cyber attackers launch these attacks by locating vulnerabilities in applications and exploiting them to enter a cloud network. Generally exploited vulnerabilities are insecure passwords and lack of proper authentication. Once the cyber attackers gain access, they can move across the applications & data centers freely. Such attacks are not easily spotted by the compromised organizations.
  3. Crypto-jacking: As cryptocurrency is gaining popularity, cryptocurrency attacks are also rising. Crypto-jacking is the term used for unauthentic use of someone’s computer for mining cryptocurrency. The crypto mining code is either encrypted in a link which is sent to the victim via a phishing e-mail or it is loaded in an infectious online ad or website. Once the user clicks on the link, the code is installed on his computer. However, in case of infected ad or website, the code is not loaded on victim’s computer. As the website or ad pops up in victim’s browser, the code is auto-executed. Unlike ransomware, crypto mining code does not harm user’s personal data but uses CPU resources which results in slow processing.
  4. Advanced Persistent Threat (APT): In APT, the hacker breaches a network but stays undetected for a long time; thus, increasing his dwelling period instead of asking for instant ransom. The main motive is to steal information or security data unobtrusively. The breach could be caused by using malware, exploit kits or by piggybacking on legitimate traffic. Once breached, the attackers could steal login credentials to move across the network easily.
  5. IoT Attacks: IoT now includes laptops, tablets, routers, webcams, smart watches, wearable devices, automobiles, home electronics, etc. As IoT is becoming more ubiquitous and number of connected devices is increasing, cyber criminals are targeting the IoT networks for cyber invasions & infections. Once they gain access to a network, cyber criminals can program the devices to create chaos, lock down essential devices for financial ransom, overload the network, etc.

With rising cyber security threats, organizations need to follow strict data management and security practices to protect their data.

For more information about IT and security risks, call Centex Technologies at (254) 213-4740.

,

No Comments

Risks Associated With IoT Devices

We have entered an era of smart devices where from washing machines, TV’s to refrigerators and AC’s everything is connected with the internet. As per reports by Cisco, the number of devices connected with the internet will exceed 50 billion by 2020. However, there are certain risks associated with IoT devices which every user must be aware of. Here we have listed some of them which demand user’s attention.

  • Security Risks

There are a number of loopholes associated with IoT security, which a hacker takes advantage of. Security attack can be categorized into network, physical, software and encryption attack, each of which has its own consequences.

  • Physical attacks target hardware of an IoT system and attackers physically harm the device to disrupt the services.
  • Network attack on the other hand aims at disrupting the network layer of the device. DDoS attack is an example of network attack.
  • Software attack is launched on the software with an intention to steal information & exploit the device.
  • Encryption attacks target the implementation of algorithm on which the device works.

So, the user must possess thorough knowledge of the types of security risks and attacks to take preventive measures well in advance.

  • Legal Risks

Legal issues related to product liability can arise. For example, if an autonomous car gets into an accident, who shall be held liable? Now this is a legal issue as it is difficult to figure out whether the owner, manufacturer, passenger or the person who coded the software is at fault.

  • Privacy Risks

Since a lot of factors influence data protection, there are a variety of privacy risks associated with IoT. The number of cyber-attacks is soaring high and this has become a serious issue as nowadays most devices are connected to internet making it easier for cyber criminals to steal the information. This information can be applied to infer certain results or to be sold in the dark market which might be used against the IoT device user.

  • Lack Of Authentication/ Authorization

A lot of vulnerabilities could lead to this issue. Lack of complex device password & two factor authentication, insecure credentials etc. are more like an open invitation to cyber criminals to hack the devices and disrupt the operations.

Other Risks

  • Insecure Cloud Interface
  • Complexity
  • Insecure Mobile Interface
  • Insecure Network Services

IoT devices now play a mainstream role in our lives, and have become a major part of our official & personal space. Thus, it is important to take a note of all the risks associated with IoT in order to understand the impact they can have on us. It is high time that we take necessary measures to mitigate the risks associated with IoT so that we can enjoy maximum benefits that technology offers us.

For more information about IT Security, call Centex Technologies at (254) 213-4740.

, ,

No Comments

Considerations For Mitigating Risk In IoT Devices

March 28, 2016

With the exponential growth of Internet of Things (IoT) devices, the security risks associated with them have also increased manifold. Each device, including TVs, refrigerators, home automation systems, air conditioning units etc., which is connected to the internet has an in-built operating system, making it vulnerable to the prevalent online threats. This, ultimately, puts the end-users’ privacy and security at stake.

Here are some factors that must be considered to mitigate security risks in IoT devices:

Keep devices updated

Keep all the IoT devices and routers updated to the current versions of the software applications. This will provide protection against any minor security flaws in the software which may make the device vulnerable to a hacking attack.

Change default login credentials

You must create unique and difficult usernames as well as passwords for all your IoT devices. If you do not change the default login credentials, hackers can easily gain access to your personal internet network by breaching your IoT accounts. Make sure the password you create is complex enough to be cracked.

Limit the data you provide to the IoT service or device

Provide only a limited amount of information that is absolutely required for the IoT device to function efficiently. Avoid giving in sensitive personal information and if possible, enter a nickname instead of your full name. This will protect you against a potential identity theft.

Be careful when selling or purchasing used IoT devices

When you buy a used IoT device, it is quite possible that it has a malware or backdoor that can provide hackers an access to your internet connection. With this, they can infect your network, track your online activity and steal other important information. If you need to sell off your IoT device, make sure you restore it back to the factory settings to delete all the personal identifiable information (PII) stored in it.

Set up a different network for IoT devices

Some internet routers allow the users to create a separate network for different devices. You can make all your IoT and wireless devices operate on a network other than your home’s internet connection. Therefore, even if any of your devices are compromised, the hackers will not be able to access your entire network.

We, at Centex Technologies, can help to safeguard your IoT devices against common cyber security threats. For more information, you can call us at (855) 375 – 9654.

, ,

No Comments