| en:iot-reloaded:cybersecurity_in_iot_systems [2024/12/03 18:15] – ktokarz | en:iot-reloaded:cybersecurity_in_iot_systems [2025/05/13 15:03] (current) – pczekalski |
|---|
| ====== Cybersecurity in IoT Systems ====== | ====== IoT Security ====== |
| IoT systems and services are widely adopted in various industries, such as health care, agriculture, smart manufacturing, smart energy systems, intelligent transport systems, logistics (supply chain management), smart homes, smart cities, and security and safety. The primary goal of incorporating IoT into existing systems in various industries is to improve productivity and efficiency. Despite the enormous advantages of integrating IoT into existing systems in multiple sectors, including critical infrastructure, there are concerns about the security vulnerabilities of IoT systems. Businesses are increasingly anxious about the possible risks IoT systems introduce into their infrastructure and how to mitigate them. | IoT systems and services are widely adopted in various industries, such as health care, agriculture, smart manufacturing, smart energy systems, intelligent transport systems, logistics (supply chain management), smart homes, smart cities, and security and safety. The primary goal of incorporating IoT into existing systems in various industries is to improve productivity and efficiency. Despite the enormous advantages of integrating IoT into existing systems in multiple sectors, including critical infrastructure, there are concerns about the security vulnerabilities of IoT systems. Businesses are increasingly anxious about the possible risks IoT systems introduce into their infrastructure and how to mitigate them. |
| |
| * The Stuxnet attack: It is one of the most well-known IoT attacks. It was designed to target the Iranian uranium enrichment plant in Natanz, Iran. The attack compromised the Siemens Step7 software running on a Windows operating system, providing malicious software (worm) access to the industrial program logic controllers. The attack damaged several uranium centrifuges, demonstrating the extent to which IoT-based attacks could damage energy systems and critical infrastructure. | * The Stuxnet attack: It is one of the most well-known IoT attacks. It was designed to target the Iranian uranium enrichment plant in Natanz, Iran. The attack compromised the Siemens Step7 software running on a Windows operating system, providing malicious software (worm) access to the industrial program logic controllers. The attack damaged several uranium centrifuges, demonstrating the extent to which IoT-based attacks could damage energy systems and critical infrastructure. |
| * The Jeep Hack: This test attack was conducted by researchers in July 2015 on a Jeep SUV. They successfully took control of the vehicle by exploiting a firmware update vulnerability. They demonstrated that this attack can control the vehicle's speed and steer it off the road. Therefore, as more IoT sensors are added to cars, there is a serious risk that they can be exploited to cause a massive attack on cars, which could result in huge accidents. This kind of vulnerability can be exploited for terror attacks or targeted killings. | * The Jeep Hack: This test attack was conducted by researchers in July 2015 on a Jeep SUV. They successfully took control of the vehicle by exploiting a firmware update vulnerability. They demonstrated that this attack can control the vehicle's speed and steer it off the road. Therefore, as more IoT sensors are added to cars, there is a serious risk that they can be exploited to cause a massive attack on cars, which could result in huge accidents. This kind of vulnerability can be exploited for terror attacks or targeted killings. |
| * Cold in Finland: Cybercriminals conducted an IoT-based attack on heating systems in the Finnish city of Lappeenranta by turning off the heating system. They also conducted a DDoS attack on the heating infrastructure, forcing the heating controllers to reboot the system repeatedly and preventing the heating system from ever turning on. This is a severe attack, given the cold temperatures in Finland during the Winter season. A similar attack may be conducted against air conditioning systems in a hot environment, which may cause serious problems for inhabitants. Thus, IoT systems may be leveraged to conduct attacks on critical civilian infrastructures to disrupt the proper functioning of society. | * Cold in Finland: Cybercriminals conducted an IoT-based attack on heating systems in the Finnish city of Lappeenranta by turning off the heating system. They also conducted a DDoS attack on the heating infrastructure, forcing the heating controllers to reboot the system repeatedly and preventing the heating system from ever turning on. This is a severe attack, given the cold temperatures in Finland during the winter season. A similar attack may be conducted against air conditioning systems in a hot environment, which may cause serious problems for inhabitants. Thus, IoT systems may be leveraged to conduct attacks on critical civilian infrastructures to disrupt the proper functioning of society. |
| * The Verkada hack: This attack was conducted against a cloud-based video surveillance service provider, Verkada. The attackers successfully compromised the privacy of their customers (including factories, hospitals, schools, and prisons) by gaining access to live feeds from about 150000 cameras. This shows the risk of a successful full compromise on IoT cloud/fog computing service providers' customers, especially customers that provide critical services for society. | * The Verkada hack: This attack was conducted against a cloud-based video surveillance service provider, Verkada. The attackers successfully compromised the privacy of their customers (including factories, hospitals, schools, and prisons) by gaining access to live feeds from about 150 000 cameras. This shows the risk of a successful full compromise on IoT cloud/fog computing service providers' customers, especially customers that provide critical services for society. |
| |
| The attacks mentioned above are just a few examples of how cybercriminals may exploit the vulnerabilities of IoT devices to compromise and disrupt services in other sectors, especially the disruption of critical infrastructure. These examples demonstrate the urgent need to incorporate security mechanisms into IoT infrastructures, especially those integrated with essential infrastructures. The above attack examples also indicate that the threat posed by IoT is real and can seriously disrupt the functioning of society and result in substantial final and material losses. It may even result in the loss of several lives. Thus, if serious attention is not given to IoT security, IoT will soon be an Internet of Threats rather than an Internet of Things. | The attacks mentioned above are just a few examples of how cybercriminals may exploit the vulnerabilities of IoT devices to compromise and disrupt services in other sectors, especially the disruption of critical infrastructure. These examples demonstrate the urgent need to incorporate security mechanisms into IoT infrastructures, especially those integrated with essential infrastructures. The above attack examples also indicate that the threat posed by IoT is real and can seriously disrupt the functioning of society and result in substantial financial and material losses. It may even result in the loss of several lives. Thus, if serious attention is not given to IoT security, IoT will soon be an Internet of Threats rather than an Internet of Things. |
| |
| Therefore, IoT security involves design and operational strategies to protect IoT devices and other systems against cyber attacks. It includes the various techniques and systems developed to ensure the confidentiality of IoT data, the integrity of IoT data, and the availability of IoT data and systems. These strategies and systems are designed to prevent IoT-based attacks and ensure IoT infrastructures' security. In this chapter, we will discuss IoT security concepts, IoT security challenges, and techniques that can be deployed to secure IoT data and systems from being compromised by attackers and used for malicious purposes. | Therefore, IoT security involves design and operational strategies to protect IoT devices and other systems against cyberattacks. It includes the various techniques and systems developed to ensure the confidentiality of IoT data, the integrity of IoT data, and the availability of IoT data and systems. These strategies and systems are designed to prevent IoT-based attacks and ensure IoT infrastructures' security. In this chapter, we will discuss IoT security concepts, IoT security challenges, and techniques that can be deployed to secure IoT data and systems from being compromised by attackers and used for malicious purposes. |
| |
| <WRAP excludefrompdf> | <WRAP excludefrompdf> |
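Review bot: In the Stuxnet bullet, which is identical on both sides, "industrial program logic controllers" is left uncorrected; the standard term is "programmable logic controllers (PLCs)". Since this revision already fixes wording elsewhere ("final" to "financial", "cyber attacks" to "cyberattacks"), it should be corrected in the same pass. In the Verkada bullet, the new "150 000" uses a plain space as the thousands separator, which can split the number across lines when rendered; a non-breaking space would avoid that.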