Threat Landscape in Internet of Things

With rise of IoT devices potential threats for services and applications are increasing.

On part 3 of my blog posting I will have a deeper look into the threat landscape of Internet of Things, to raise the awareness on potential attacking vectors and how to improve resilience in IoT Systems.

There is no doubt that the Internet of Things has an enormous potential to optimize current infrastructure and processes. Of course, we can discuss if it will grow to 20 Billion or 50 Billion connected devices in 2020. But discussing numbers is just distracting. Let’s just summarize that there will be many devices. And many new services are almost useless without Internet of Things – for example big data analytics.

Our future life will be deeply connected to the Internet of Things. Literally from birth to death. If every service of our daily life has a connection to the Internet of Things, we need to have a close look on the potential threat landscape to protect our society, business, family and finally ourselves.

From WAN to BAN

Let’s have a look on the scaling of IoT Networks, and by that on the potential threats and risks:

WAN – Wide Area Networks: Many IoT Applications are embedded into a bigger service eco system, for example by their connection to cloud services. Even more, without this connection they become almost useless. This can be a smart power grid service, where the power transport and consumption will be optimized by big data knowledge of consumers smart meters or smart cities traffic control, where the route management of autonomous car fleets will be optimized by artificial intelligence based on individual car control units. The behavior of the meta system is based up on a mass of IoT data. A single sensor is not consequently changing the state of the whole systems, but a critical mass of sensors will significant affect it. On the other side the actors in a single IoT devices are relaying on the logical decisions of the meta system as well. As this are the most complex IoT architectures, they are exposed to multiple threats. Starting at manipulation of sensor and actor nodes at the edge, hacking of gateways and cloud services. Furthermore, this communication between parties can be compromised on protocol levels.

LAN – Local Area Networks: Typical for this Internet of Things architecture the use case is limited to a defined area or entity, for example smart buildings, homes or industry 4.0. The system is designed to operate with almost closed compartments, where the connectivity to the internet is limited by gateways and virtual private networks (VPN). For that architecture actors and sensors can be operated with low or no dependencies of cloud services. Attackers need to overcome the security frontiers to compromise from outside or to creep in malicious software codes. Typical attack vectors from outside are classical hacking of gateways and encrypted communication, infiltrating maleware by spear fishing or infected devices. LANs can be attacked also from inside, e.g. Hotel guests getting access and control over the smart building units by combining attacks to unsecure Wireless LAN and ModBUS protocol.

BAN – Body Area Networks: More and more we are entering Area of body enhancements. Internet of Things devices can be placed outside and inside the human body for multiple purpose. This covers the area of augmented reality to medical devices. Sensors and networks can operate in single devices or together in a mesh. These devices often need to manage constrains on form factor and power supply, so that they are often at the “edge” – which means that they are using special communications protocols for near field or low power communication with gateways. Attacking such devices requires to capture the gateways from remote or to attack the communication by getting in reach of the radio signal. It’s also possible to disturb sensors by remote attacks to force false data collection e.g. simply inferring optical sensors with a laser pointer.

With the rise of the Internet of Things the interconnectivity of LAN-WAN-BAN is rising. This is leading into complex threat landscapes we need to take care for our own security. Patch and update supply of architecture components is one important building block.

That’s what we are providing with our mission.