IoT is a vulnerable black-hole to attacks

IoT is hyping and may change our life more severly than ever before. But do we ready to its risk or disaster? It may be a a vulnerable black-hole to malicious attacks. Think about a vandal turns off your refrigerator, disable your security system or unlock your back door.

Some scenarios are more terrifying, such as a hacked pacemaker or a successful attack on a moving vehicle.

The things(devices) are exapanding rapidly with the arrival of the IoT, which enlarged network capability to a broad spectrum of devices that never had that capability before, such as office appliances like thermostats and refrigerators. As there devices become Internet-enabled, experts fear an embedded systems security worst-case scenario for enterprises, many of which are unaware of this risk or unable to mitigate them.

The rapid increse in nontranditional Internet-enabled devices means more potential enterprise entry points for attackers, because of embedded system troubing security history. Embedded system usually used wireless communication and proprietary components which can not be shared between each others. So if a bug is founded, it's less likely to be fixed due to cost and resource constraints. The embedded devices are often lack of computing resource, then it's difficult to implement complex schemes for security. Even if a software update is available,
enterprises often overlook these embedded devices because of low cost and low revenue.

The key to secure embedded devices is in securely designing them from the beginning. The hardware and fireware should be designed from the ground up to prevent access from malware and physical tampering. Encryption and fireware digital signature can be used. Using endpoint protection will block everything except whitelisted products.

Deploying embedded devices behind a gateway/hub or a virtual system is also a good choice. It's cost-efficient to update a new rule to stop new threats in a concentrated point.

Besides the tech, we also should pay more attention to the IoT security with better understanding and rules. According to a recently research, more than two-thirds of Forbes Global 2000 companies in the UK remain vulnerable to attacks that exploit incomplete remediation of the Heartbleed vulnerability in OpenSSL. Although the serious vulnerability was discovered and complete remediation also provided last year, still many enterprises overlooked this risk.

Better tech and better pre-prepartion can make our life more convenient and more comfortable. Neither can be ignored