Hello !
Trace: Buzzer example

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
en:iot-reloaded:hardware_and_cybersecurity [2024/12/03 19:40] – [IoT hardware attacks] ktokarzen:iot-reloaded:hardware_and_cybersecurity [2024/12/10 21:44] (current) pczekalski
Line 10: Line 10:
   * In some IoT deployments, the IoT devices share the same communication channels, making them vulnerable to packet collision attacks, where compromised IoT devices are used to create packet collisions on the channels, forcing the device to deplete its stored energy rapidly and may eventually shut down the device.    * In some IoT deployments, the IoT devices share the same communication channels, making them vulnerable to packet collision attacks, where compromised IoT devices are used to create packet collisions on the channels, forcing the device to deplete its stored energy rapidly and may eventually shut down the device. 
   * Since the communication between the IoT devices and between the IoT devices and the access point or gateway is through wireless radio communication channels, the IoT devices are vulnerable to jamming attacks designed to force them to deplete their stored energy rapidly.    * Since the communication between the IoT devices and between the IoT devices and the access point or gateway is through wireless radio communication channels, the IoT devices are vulnerable to jamming attacks designed to force them to deplete their stored energy rapidly. 
-  * IoT devices are also vulnerable to flooding attacks designed to flood IoT devices with benign or useless packets so that they will spend more energy processing these useless packets, rapidly depleting their stored energy and eventually shutting down the device. +  * IoT devices are also vulnerable to flooding attacks designed to flood IoT devices with benign or useless packetsso they will spend more energy processing these useless packets, rapidly depleting their stored energy and eventually shutting down the device. 
   * Since IoT devices are relatively easy to infect with malware, they are vulnerable to a kind of malware attack in which the attacker infects the device with malware that forces the device to perform more computations, rapidly depleting the energy stored in the device and eventually shutting it down.   * Since IoT devices are relatively easy to infect with malware, they are vulnerable to a kind of malware attack in which the attacker infects the device with malware that forces the device to perform more computations, rapidly depleting the energy stored in the device and eventually shutting it down.
-  * Another type of IoT hardware vulnerability is route poisoning, in which the attacker creates routing loops, turns some devices into sinkholes, or increases routing paths to force the devices to spend more energy and eventually deplete their energy, reducing the lifetime of some of the devices in the network.+  * Another type of IoT hardware vulnerability is route poisoning, in which the attacker creates routing loops, turns some devices into sinkholes, or increases routing paths to force the devices to spend more energy and eventually deplete their energy, reducing the lifetime of some devices in the network.
   * IoT devices can easily be infected and turned into botnets, which can then be used to conduct sophisticated large-scale attacks, such as distributed denial of service attacks, which can paralyse IT assets (servers and gateways).    * IoT devices can easily be infected and turned into botnets, which can then be used to conduct sophisticated large-scale attacks, such as distributed denial of service attacks, which can paralyse IT assets (servers and gateways). 
   * Another IoT hardware vulnerability is the lack of visibility. Many IoT devices are deployed without appropriate identification numbers (IP addresses), creating blind spots because the devices are not visible to security monitoring tools and can be exploited. Also, the fact that various devices may have different protocols makes monitoring all the devices within the network challenging, making them weak points.    * Another IoT hardware vulnerability is the lack of visibility. Many IoT devices are deployed without appropriate identification numbers (IP addresses), creating blind spots because the devices are not visible to security monitoring tools and can be exploited. Also, the fact that various devices may have different protocols makes monitoring all the devices within the network challenging, making them weak points. 
-  * An inefficient firmware verification mechanism allows tampering with or reverse-engineering the firmware, making the device vulnerable to attacks. Attackers may illegally update the firmware of the device or tamper with it so that they can easily capture the device and use it for further attacks.+  * An inefficient firmware verification mechanism allows tampering with or reverse-engineering the firmware, making the device vulnerable to attacks. Attackers may illegally update the device's firmware or tamper with it so that they can easily capture it and use it for further attacks.
   * Due to poor device management strategies, some organisations or individuals sometimes fail to attend to some devices to ensure that they are well-secured (failing to install necessary updates and patch security holes to gaps), leaving them vulnerable to attacks from cybercriminals.    * Due to poor device management strategies, some organisations or individuals sometimes fail to attend to some devices to ensure that they are well-secured (failing to install necessary updates and patch security holes to gaps), leaving them vulnerable to attacks from cybercriminals. 
   * Some hardware security vulnerabilities are hard to eliminate, such as side-channel attacks, reverse engineering of the hardware, malware infection, and data extraction, which could be exploited and result in a data breach.      * Some hardware security vulnerabilities are hard to eliminate, such as side-channel attacks, reverse engineering of the hardware, malware infection, and data extraction, which could be exploited and result in a data breach.   
Line 25: Line 25:
 IoT hardware attacks are the various ways that security weaknesses resulting from limitations in IoT hardware can be exploited to compromise the security of IoT data and systems. An attacker may install malware on IoT devices, manipulate their functionality, or exploit their weaknesses to gain access to steal or damage data, degrade the quality of services, or disrupt the services. An attack could conduct an IoT on devices to use them for a more sophisticated large-scale attack on ICT infrastructures and critical systems. There is an increase in the scale and frequency of IoT attacks due to the rise in IoT attack surfaces, the ease with which IoT devices can be compromised, and the integration of IoT devices into existing systems and critical infrastructure. Some of the common IoT hardware attacks include: IoT hardware attacks are the various ways that security weaknesses resulting from limitations in IoT hardware can be exploited to compromise the security of IoT data and systems. An attacker may install malware on IoT devices, manipulate their functionality, or exploit their weaknesses to gain access to steal or damage data, degrade the quality of services, or disrupt the services. An attack could conduct an IoT on devices to use them for a more sophisticated large-scale attack on ICT infrastructures and critical systems. There is an increase in the scale and frequency of IoT attacks due to the rise in IoT attack surfaces, the ease with which IoT devices can be compromised, and the integration of IoT devices into existing systems and critical infrastructure. Some of the common IoT hardware attacks include:
  
-  * Unauthorised access: Some IoT device manufacturers use weak or no security mechanisms to minimise manufacturing costs and reduce the time to market to meet the increase in market demand. They sometimes do not provide mechanisms for necessary updates to patch up security holes. Some create backdoors for remote servicing, which malicious hackers can exploit. In contrast, others use default or no passwords, making it easier for attackers to access the device and exploit it to escalate their attacks.+  * Unauthorised access: Some IoT device manufacturers use weak or no security mechanisms to minimise manufacturing costs and reduce the time to market to meet the increase in market demand. They sometimes do not provide mechanisms for necessary updates to patch up security holes. Some create backdoors for remote servicing, which malicious hackers can exploit. In contrast, others use default or no passwords, making it easier for attackers to access and exploit the device to escalate their attacks.
   * Emulation of fake IoT devices: A third party that knows the communication protocol could develop software to emulate standard functionalities between IoT devices and then get the leverage to share false information.    * Emulation of fake IoT devices: A third party that knows the communication protocol could develop software to emulate standard functionalities between IoT devices and then get the leverage to share false information. 
   * Identity Theft: An attacker could steal the identification of legitimate devices and then perform malicious actions within the network without being identified.   * Identity Theft: An attacker could steal the identification of legitimate devices and then perform malicious actions within the network without being identified.
Line 34: Line 34:
   * Vampire attacks: In this kind of attack, an attacker tries to increase the energy consumption of a battery-powered IoT device significantly, drain the device's battery, and eventually shut down the device. Examples of such attacks include Denial of Sleep (DoS), flooding, a carousel, and stretch attacks ((A. Rayes, S. Salam, Internet of Things-From Hype to Reality, Springer Nature, 2017.)).   * Vampire attacks: In this kind of attack, an attacker tries to increase the energy consumption of a battery-powered IoT device significantly, drain the device's battery, and eventually shut down the device. Examples of such attacks include Denial of Sleep (DoS), flooding, a carousel, and stretch attacks ((A. Rayes, S. Salam, Internet of Things-From Hype to Reality, Springer Nature, 2017.)).
   * Routing attacks: An attacker may manipulate the routing information of the devices to create routing loops, selectively forward packets or intend to use longer routes to increase energy consumption. Some routing attacks include sinkholes, selective forwarding, wormholes, and Sybil attacks ((A. Rayes, S. Salam, Internet of Things-From Hype to Reality, Springer Nature, 2017.)).   * Routing attacks: An attacker may manipulate the routing information of the devices to create routing loops, selectively forward packets or intend to use longer routes to increase energy consumption. Some routing attacks include sinkholes, selective forwarding, wormholes, and Sybil attacks ((A. Rayes, S. Salam, Internet of Things-From Hype to Reality, Springer Nature, 2017.)).
-  * Jamming attacks: A denial of service attack in a shared wireless communication channel where a user may prevent other users from using the shared channel ((S. Yan-Qiang, W. Xiao-dong, Handbook of Research on Developments and Trends in Wireless Sensor Networks: From Principle to Practice, DOI: 10.4018/978-1-61520-701-5.ch015, IGI Global Knowledge Disseminator, https://www.igi-global.com/chapter/jamming-attacks-countermeasures-wireless-sensor/41122, 2010, access date: 7/03/2020)). It is an attack targeted towards the IoT wireless network's physical layer or data link layer.+  * Jamming attacks: A denial of service attack in a shared wireless communication channel where a user may prevent other users from using the shared channel ((S. Yan-Qiang, W. Xiao-dong, Handbook of Research on Developments and Trends in Wireless Sensor Networks: From Principle to Practice, DOI: 10.4018/978-1-61520-701-5.ch015, IGI Global Knowledge Disseminator, https://www.igi-global.com/chapter/jamming-attacks-countermeasures-wireless-sensor/41122, 2010, access date: 7/03/2020)). It is an attack targeting the IoT wireless network's physical or data link layer.
   * Brut-force attacks: This kind of attack is aimed at obtaining the login credentials of the detail to gain unauthorised access to the device. For devices with fault passwords, commonly used passwords (e.g., admin), or weak passwords, attackers can access these credentials and use them to gain illegal access to IoT devices.    * Brut-force attacks: This kind of attack is aimed at obtaining the login credentials of the detail to gain unauthorised access to the device. For devices with fault passwords, commonly used passwords (e.g., admin), or weak passwords, attackers can access these credentials and use them to gain illegal access to IoT devices. 
   * DoD/DDoD attacks: Because adequate security mechanisms are not implemented to harden the security of IoT devices, they can easily be compromised. Many IoT devices can constitute an army of botnets to conduct DDoS attacks to saturate the buffers and other resources in the access points, fog nodes and cloud platforms.   * DoD/DDoD attacks: Because adequate security mechanisms are not implemented to harden the security of IoT devices, they can easily be compromised. Many IoT devices can constitute an army of botnets to conduct DDoS attacks to saturate the buffers and other resources in the access points, fog nodes and cloud platforms.
   * Packet collision attacks: This attack is typical in IoT applications where the devices share the wireless communication channel. An attacker can capture some of the devices and then use them to create packet collisions in the communication channel to disrupt the communication and force the devices to consume more energy by trying to transmit packets multiple times and increase the time the devices stay awake to perform communication (or decreases the sleep time of the device). This kind of attack is a type of energy depletion attack.    * Packet collision attacks: This attack is typical in IoT applications where the devices share the wireless communication channel. An attacker can capture some of the devices and then use them to create packet collisions in the communication channel to disrupt the communication and force the devices to consume more energy by trying to transmit packets multiple times and increase the time the devices stay awake to perform communication (or decreases the sleep time of the device). This kind of attack is a type of energy depletion attack. 
-  * Physical attack on the device: An IoT device may be physically manipulated to extract vital information or damaged. This is an essential aspect of IoT-based agriculture, as the IoT infrastructure in the fields can be vandalised.+  * Physical attack on the device: An IoT device may be physically manipulated or damaged to extract vital information. This is an essential aspect of IoT-based agriculture, as the IoT infrastructure in the fields can be vandalised.
  
 ===== IoT hardware security ===== ===== IoT hardware security =====
Line 44: Line 44:
 It is tough to eliminate IoT hardware vulnerabilities due to the hardware resource constraint of IoT devices. Some of the measures for securing IoT devices and mitigating the risk posed by IoT security vulnerabilities include the following: It is tough to eliminate IoT hardware vulnerabilities due to the hardware resource constraint of IoT devices. Some of the measures for securing IoT devices and mitigating the risk posed by IoT security vulnerabilities include the following:
   * Implementing lightweight encryption schemes on IoT devices: The data stored in the IoT devices (e.g., device authentication data and other sensitive data) should be encrypted to ensure its confidentiality and integrity are not compromised. The IoT data should be encrypted before being transmitted through any transmission medium. Since traditional cryptographic algorithms are computationally expensive and require strong and energy-hungry computing systems, it is preferable to implement lightweight cryptographic algorithms that require relatively less energy.    * Implementing lightweight encryption schemes on IoT devices: The data stored in the IoT devices (e.g., device authentication data and other sensitive data) should be encrypted to ensure its confidentiality and integrity are not compromised. The IoT data should be encrypted before being transmitted through any transmission medium. Since traditional cryptographic algorithms are computationally expensive and require strong and energy-hungry computing systems, it is preferable to implement lightweight cryptographic algorithms that require relatively less energy. 
-  * Implementing robust authentication mechanisms on IoT devices: Rubost authentication mechanisms should be implemented to restrict access to IoT devices and to ensure that all IoT devices that connect to access points and servers are authenticated. This ensures that access to critical resources like access points, gateways, and servers can be controlled to ensure the authenticity of the communication. It is also important to avoid purchasing devices with hardcoded passwords, change default passwords, and create strong passwords for devices.  +  * Implementing robust authentication mechanisms on IoT devices: Robust authentication mechanisms should be implemented to restrict access to IoT devices and to ensure that all IoT devices that connect to access points and servers are authenticated. This ensures that access to critical resources like access points, gateways, and servers can be controlled to ensure the authenticity of the communication. It is also important to avoid purchasing devices with hardcoded passwords, change default passwords, and create strong passwords for devices.  
   * Configuring firewalls to protect devices from traffic-based attacks: The network's perimeter can be protected by implementing firewalls that reject malicious traffic at the network's edge. That is, it allows only traffic from legitimate sources and blocks traffic from sources deemed malicious. It can also be used to segment the network so that the IoT network can be isolated from other networks and attacks on IoT networks can not be spread to different networks. Software firewalls can be configured on individual devices to restrict traffic from unauthorised sources from reaching the devices.    * Configuring firewalls to protect devices from traffic-based attacks: The network's perimeter can be protected by implementing firewalls that reject malicious traffic at the network's edge. That is, it allows only traffic from legitimate sources and blocks traffic from sources deemed malicious. It can also be used to segment the network so that the IoT network can be isolated from other networks and attacks on IoT networks can not be spread to different networks. Software firewalls can be configured on individual devices to restrict traffic from unauthorised sources from reaching the devices. 
   * Ensure that the software and hardware components are not compromised: The software and hardware components used in IoT devices should be well-tested to ensure no security vulnerabilities that malicious attackers may exploit to compromise the security of the data and the devices. Security measures should be included at every stage of the device lifecycle to ensure that well-known vulnerabilities are resolved and that there are security strategies to ensure that the device and data security is not compromised.     * Ensure that the software and hardware components are not compromised: The software and hardware components used in IoT devices should be well-tested to ensure no security vulnerabilities that malicious attackers may exploit to compromise the security of the data and the devices. Security measures should be included at every stage of the device lifecycle to ensure that well-known vulnerabilities are resolved and that there are security strategies to ensure that the device and data security is not compromised.  
en/iot-reloaded/hardware_and_cybersecurity.1733254817.txt.gz · Last modified: 2024/12/03 19:40 by ktokarz
CC Attribution-Share Alike 4.0 International
www.chimeric.de Valid CSS Driven by DokuWiki do yourself a favour and use a real browser - get firefox!! Recent changes RSS feed Valid XHTML 1.0