The potential for cyberattacks and the compromising of privacy is increasing due to gaping vulnerabilities in IoT devices. It is essential to test for vulnerabilities before integrating IoT products and systems into an infrastructure.
- [Instructor] A vulnerability is a software flaw in a system that a hacker can exploit and gain unauthorized access to an asset. The potential for cyber attacks along with compromising privacy is increasing due to gaping vulnerabilities in IoT devices. It's time to raise awareness, make security accessible, and involve experts and trusted vendors. Researchers have scanned the internet and found over half a million vulnerable IoT devices which can pose serious security risks.
Researchers have also demonstrated how they can hack in to devices such as cars, devices on the electrical grid, and medical devices, such as insulin pumps and pacemakers. A hacker can tamper with a device and send incorrect information and commands to a controller from rogue devices to perform some physical action, such as overriding a faulty security system to allow someone to gain access in to your building.
Device manipulation started as early as 2010 when one of the first known car hacking attempts occurred. A disgruntled employee gained access into the web-based vehicle mobilization system with his username and password and was able to disable the car's ignition system and make the horns beep. The Federal Trade Commission is concerned that the IoT devices are putting consumers at risk. Ethical hackers are getting into the game as many are starting to have some serious concerns about mission-critical applications that include public infrastructure, automobiles, and medical devices.
When an architect begins to design a building, there is a set of codes and standards in which they follow to provide safety for the client. However, IoT manufactures are flying blind as there is no standards or common language. With the rapid expansion of the IoT, vendors and manufacturers have not even discovered the extent of the vulnerabilities. How can we build in security when we're not even sure of all the risks? Developers are working on incorporating security modules that include user and password management, and secure storage, along with anti-counterfeiting and authentication solutions.
User education will encourage users and consumers to check to see what vulnerabilities the device may have. Before using IoT devices in a home or in an organization, consider security risks before implementation. However, IoT vendors must operate under the assumption that a general consumer will have no interest or no knowledge on how to secure their own device and take steps to provide the necessary security.
In this course, join Lisa Bock as she explores the relationship between security, privacy, and the IoT. Lisa discusses how the vulnerabilities in IoT devices have the potential to compromise user privacy and make them more susceptible to attacks and glitches. In addition, she discusses IoT privacy concerns; existing standards, regulations, and guidelines, such as HIPAA and Sarbanes-Oxley; and proposed standards and legislation that are currently in the works to ensure the privacy of the data collected on the IoT.
- Security, privacy, and the IoT
- Attacks and glitches
- Denial-of-sleep attacks
- Voice and sound attacks
- IoT vulnerabilities
- Glitches and compatibility issues
- Privacy concerns
- Existing standards and regulations
- Proposed standards and legislation
- Firewalls and IDS