SOLUTION: UMKC Computer Science Security Vulnerabilities Question

Personal data breaches and securing IoT devices

By Damon Culbert (2019)
The Internet of Things (IoT) is taking the world by storm as interconnected devices fill
workplaces and homes across the US. While the intention of these devices is always to make
our lives easier, their ability to connect to the internet turns them into ticking time bombs, lying
in wait until their weaknesses can be exploited by opportunistic hackers.
Personal data breaches are skyrocketing in America, increasing by 60% in the last year and by
157 percent since 2015. As our interconnectivity grows, so do the opportunities that our
technology will be hacked. Since every IoT device is connected to the internet, each one is
vulnerable to external access if not secured properly. In the rush to manufacture these devices
and get them onto the market, security has been an afterthought which needs to be urgently
addressed if the number of yearly data breaches is to be tackled.
Not only is the actual security of IoT devices under constant debate but recent news stories
surrounding both the Amazon Alexa and Google Home products — central machines to most
home IoT set-ups — show that even when used properly, the security implications of these
devices can be suspect.
Though many expect IoT to revolutionize our everyday lives, the potential holes they open up in
our security infrastructures could become an insurmountable problem if not dealt with soon.
Workplace IoT
IoT in the workplace can range from integrated systems such as air conditioning and security
systems to Wi-Fi enabled coffee machines. But every point of access in a system has potential
for weakness, meaning the more connected devices there are the harder it is to protect. Many
believe that blockchain technology has the answer for IoT security issues due to its
decentralized nature and the ability to timestamp and identify each connected device, allowing
for more accurate access records and a more stable network where no central point is
vulnerable.
The other key issue with workplace IoT is the necessity of regular updates to keep all devices
secured. In working environments where machines are working 24/7, there is no time to take
machines out of service to complete updates, meaning identified weaknesses can be left
unresolved. This allows hackers multiple opportunities to exploit the insecurities in an
individual device and gain access to the central network from there.
Creators of IoT devices will need to address the concerns of their consumers in order to create
products which can be routinely secured and hold a high base standard of security.
Integrated homes
With an explosion of interconnected devices for the home comes a unique challenge that
consumers are often completely oblivious to. Some IoT devices have no way to securely store
the Wi-Fi password which connects them, meaning that a hacker who is able to gain access to
this device can find the Wi-Fi password and exploit the entire network, risking data such as
banking and personal details as well as general internet activity.
It’s unrealistic to expect consumers to use blockchain security for their washing machines and
digital cameras so necessary security changes are going to have to start with the brands making
the products. Ensuring that safety is properly considered before marketing any IoT device is the
surest way to keep consumers’ data safe within their own network.
Google Home and Amazon Alexa
While not directly at the mercy of hackers, the recent revelations that recordings taken by both
Amazon’s Alexa and Google Home devices have been sent to human listeners within the
company raises different privacy concerns. The companies have assured that the recordings
have been shared with human employees for training and research purposes but as the recent
leak shows, holding personal data on recordings makes it susceptible to malicious actors online.
Amazon have taken further steps to allow users to control how Alexa stores their data and have
it deleted using voice commands, making it slightly easier to protect what you say in your own
home. However, many consumers buy these products without thinking of the implications of
keeping a device that is always listening in their home. Companies who produce home assistant
speakers need to be more transparent with how they use consumer data and take further steps
to ensure no sensitive personal data is kept in recordings to help reduce the number of data
breaches each year.
Trials are set to begin in the UK by Natwest bank where Google Home users will be able to
check their balance with their voice. As this follows immediately on from the leaked recordings,
it seems there is still little concern for the ways in which we share our personal data with the
devices we use. However, online security will likely become a much bigger topic in the future as
the number of internet-enabled devices rises.
The Internet of Things is proving that technology continues to advance at a rapid pace.
Although consumers will need to ensure that security is a high priority in order to protect their
own data and data handled by organizations, the first step must be taken by manufacturers to
ensure these products are created to high security standard.
Reference: https://betanews.com/2019/08/13/securing-iot-devices/
Final Research Project – Securing IoT Devices: What are the Challenges?
Internet security, in general, is a challenge that we have been dealing with for decades. It is a
regular topic of discussion and concern, but a relatively new segment of internet security is
getting most attention—internet of things (IoT). So why is internet of things security so
important?
The high growth rate of IoT should get the attention of cybersecurity professionals. The rate at
which new technology goes to market is inversely proportional to the amount of security that
gets designed into the product. According to IHS Markit, “The number of connected IoT devices
worldwide will jump 12 percent on average annually, from nearly 27 billion in 2017 to 125
billion in 2030.”
IoT devices are quite a bit different from other internet-connected devices such as laptops and
servers. They are designed with a single purpose in mind, usually running minimal software
with minimal resources to serve that purpose. Adding the capability to run and update security
software is often not taken into consideration.
Due to the lack of security integrated into IoT devices, they present significant risks that must
be addressed. IoT security is the practice of understanding and mitigating these risks. Let’s
consider the challenges of IoT security and how we can address them.
Some security practitioners suggest that key IoT security steps include:
1.
2.
3.
4.
Make people aware that there is a threat to security;
Design a technical solution to reduce security vulnerabilities;
Align the legal and regulatory frameworks; and
Develop a workforce with the skills to handle IoT security.
Final Assignment – Project Plan
(Deliverables):
1) Address each of the FOUR IoT
security steps listed above in terms of
IoT devices.
2) Explain in detail, in a step-by-step
guide, how to make people more aware
of the problems associated with the use
of IoT devices.
IoT References:
https://www.techrepublic.com/article/how-to-secure-your-iot-devices-from-botnets-andother-threats/
https://www.peerbits.com/blog/biggest-iot-security-challenges.html
https://www.bankinfosecurity.asia/securing-iot-devices-challenges-a-11138
https://www.sumologic.com/blog/iot-security/
https://news.ihsmarkit.com/press-release/number-connected-iot-devices-will-surge-125billion-2030-ihs-markit-says
https://cdn.ihs.com/www/pdf/IoT_ebook.pdf
https://go.armis.com/hubfs/Buyers%E2%80%99%20Guide%20to%20IoT%20Security%20Final.pdf
https://www.techrepublic.com/article/smart-farming-how-iot-robotics-and-ai-are-tackling-oneof-the-biggest-problems-of-the-century/
Video Resources:
What is the Internet of Things (IoT) and how can we secure it?

What is the problem with IoT security? – Gary explains

What are the Challenges of IoT Security?
IoT has many of the same security challenges that other systems have. There are, however,
some challenges that are unique to IoT.
1. Embedded Passwords. Embedding passwords in IoT devices make it easy for remote
support technicians to access devices for troubleshooting and simplifies the installation
of multiple devices. Of course, it also simplifies access to devices for malicious purposes.
2. Lack of device authentication. Allowing IoT devices access to the network without
authenticating opens the network to unknown and unauthorized devices. Rogue devices
can serve as an entry point for attacks or even as a source of attacks.
3. Patching and upgrading. Some IoT devices do not provide a simple (or any) means to
patch or upgrade software. This results in many IoT devices with vulnerabilities
continuing to be in use.
4. Physical hardening. Physical access to IoT devices can introduce risk if those devices are
not hardened against physical attack. Such an attack may not be intended to damage
the device, but rather to extract information. Simply removing a microSD memory card
to read its contents can give an attacker private data, as well as information such as
embedded passwords that may allow access to other devices.
5. Outdated components. When vulnerabilities are discovered in hardware or software
components of IoT devices, it can be difficult and expensive for manufacturers or users
to update or replace them. As with patches, this results in many IoT devices with
vulnerabilities continuing to be used.
6. Device monitoring and management. IoT devices do not always have a unique identifier
that facilitates asset tracking, monitoring, and management. IT personnel do not
necessarily consider IoT devices among the hosts that they monitor and manage. Asset
tracking systems sometimes neglect to include IoT devices, so they sit on the network
without being managed or monitored.
Most of these issues can be attributed to security being an afterthought (if a thought at all) in
the design and manufacturing of IoT devices. Even those IoT developers who consider security
in the design process struggle with implementation. Most IoT devices are limited by minimal
processing power, memory, and data transfer speeds. This is a necessary evil in order to keep
the size and cost of the devices small. Accordingly, security controls must be implemented to
compensate for these inherent weaknesses.
The first step to implementing security controls is to determine where those controls are
needed. This is another challenge for protecting IoT devices. Since IoT devices are often not
recognized as network devices, they get overlooked when inventorying or mapping the
network. If you do not know it is there, you cannot protect it.
Fortunately, IoT device manufacturers are beginning to address these issues, but organizations
that are planning or currently using IoT cannot sit back and wait for that to happen. There are
measures that organizations can take right now to protect their IoT devices and networks from
attacks.
Security Requirements of IoT
Manufacturers and implementers must implement security practices to mitigate IoT risks. Steps
can be taken to better secure IoT and address known risks.
Security Challenge Solution
Embedded
passwords
Rather than embedding passwords in their products, manufacturers
should require users to create a strong password during device setup.
Lack of device
authentication
Manufacturers should provide a means for their devices to authenticate
to the network. IT personnel should require devices to authenticate
before joining the network.
Patching and
upgrading
Manufacturers need to make it easy for devices to be upgraded or
patched. Ideally, this would be an automatic or one-click process.
Physical hardening
IoT devices should be made tamper-proof. Devices should be monitored
to detect time offline and inspected after unexpectedly dropping offline.
Outdated
components
Vulnerable devices should be updated or replaced. This can be difficult to
remedy, especially in environments that have many IoT devices in remote
locations. In those cases, tighter security controls and more vigilant
monitoring should be implemented.
Device monitoring
and management
Ensure that all IoT devices are included in asset tracking, monitoring, and
management systems. Manufacturers should provide a unique identifier
for each device.
Clearly, many of these security issues can only be resolved by the manufacturer. One that
organizations’ security, IT, and OT teams can address is device management. It is up to those
planning and/or implementing the rollout of IoT devices to ensure that they are accounted for
in asset management, systems monitoring, security monitoring, and incident response systems.
Breaches and Hacks
There are two broad categories of attacks that involve IoT devices: those in which the IoT
devices themselves are the end target of the attack, and those that use IoT devices to attack
other targets. We have seen both types of attacks used in the real world and by security
researchers as a proof of concept.
In October of 2016, an attack against Dyn, a company that provides DNS services, made much
of the internet inaccessible. Twitter, Spotify, Github, Netflix, The New York Times, Paypal and
other major websites were down for hours.
The attack used the Mirai IoT Botnet, taking control of over 600,000 IoT devices to flood Dyn
with traffic in a massive DDoS attack. The devices seemed to be mostly routers and IP cameras.
IP cameras are frequently targeted IoT devices.
In a scary example of an attack where the IoT device was the target, the “device” was a car.
Fortunately, this was a controlled demonstration by security researchers Charlie Miller and
Chris Valasek. They demonstrated the attack for Wired writer Andy Greenberg, who was driving
a Jeep Cherokee.
Miller and Valasek, from miles away over a cellular internet connection, remotely turned on the
A/C, radio, and windshield wipers. That was just the beginning. Next, they caused the Jeep to
slow, remotely rendering the accelerator useless.
How to Secure IoT Systems and Devices
It is clear that IoT attacks can have serious consequences. Securing IoT systems and devices
must be done by both the manufacturers and the organizations using them. The security
controls that organizations can put in place are similar to the controls they already use on their
network. The key to securing IoT is to know what IoT devices are on your network and where
they are in your network topology. Until you know that, you are flying blind. You cannot protect
what you cannot see.
One way to identify IoT devices on your network is to require all hosts and devices to
authenticate when joining the network. Devices that fail authentication can then be identified.
If they belong on the network, authentication can then be configured for that device. If they do
not belong on the network, you have discovered a rogue device.
You can further secure IoT devices by segmenting the network and dedicating one segment to
IoT. This will allow you to firewall that segment and apply IoT-specific rules. It would also allow
you to quickly block traffic from that segment in the event that an IoT device is compromised.
Once you have IoT devices authenticated, you can then gain visibility into their activity using a
cloud-native security monitoring and analytics platform like Sumo Logic. The Sumo Logic
platform helps you make data-driven decisions and reduce the time to investigate security and
operational issues so you can free up resources for more important activities. For even greater
visibility into security events, integrated threat intelligence from Crowdstrike is included for upto-date IOC data that can be quickly cross-correlated to identify threats in your environment.
Reference: https://www.sumologic.com/blog/iot-security/

Purchase answer to see full
attachment

Order a unique copy of this paper
(550 words)

Approximate price: $22

Our Basic features
  • Free title page and bibliography
  • Plagiarism-free guarantee
  • Unlimited revisions
  • Money-back guarantee
  • 24/7 support
Our Options
  • Writer’s samples
  • Expert Proofreading
  • Overnight delivery
  • Part-by-part delivery
  • Copies of used sources
Paper format
  • 275 words per page
  • 12 pt Arial/Times New Roman
  • Double line spacing
  • Any citation style (APA, MLA, Chicago/Turabian, Harvard)

AcademicWritingCompany guarantees

Our customer is the center of what we do and thus we offer 100% original essays..
By ordering our essays, you are guaranteed the best quality through our qualified experts.All your information and everything that you do on our website is kept completely confidential.

Money-back guarantee

Academicwritingcompany.com always strives to give you the best of its services. As a custom essay writing service, we are 100% sure of our services. That is why we ensure that our guarantee of money-back stands, always

Read more

Zero-plagiarism tolerance guarantee

The paper that you order at academicwritingcompany.com is 100% original. We ensure that regardless of the position you are, be it with urgent deadlines or hard essays, we give you a paper that is free of plagiarism. We even check our orders with the most advanced anti-plagiarism software in the industry.

Read more

Free-revision guarantee

The Academicwritingcompany.com thrives on excellence and thus we help ensure the Customer’s total satisfaction with the completed Order.To do so, we provide a Free Revision policy as a courtesy service. To receive free revision the Academic writing Company requires that the you provide the request within Fifteen (14) days since the completion date and within a period of thirty (30) days for dissertations and research papers.

Read more

Privacy and Security policy

With Academicwritingcompan.com, your privacy is the most important aspect. First, the academic writing company will never resell your personal information, which include credit cards, to any third party. Not even your lecturer on institution will know that you bought an essay from our academic writing company.

Read more

Adherence to requirements guarantee

The academic writing company writers know that following essay instructions is the most important part of academic writing. The expert writers will, therefore, work extra hard to ensure that they cooperate with all the requirements without fail. We also count on you to help us provide a better academic paper.

Read more

Calculate the price of your order

550 words
We'll send you the first draft for approval by September 11, 2020 at 10:52 AM
Total price:
$26
The price is based on these factors:
Customer Academic level
Number of pages required
Urgency of paper