Why is the IoT device vulnerable?How to deal with it

IoT equipment that can be used in various fields

IoT is an abbreviation of "Internet of Things" and is translated as an Internet of things in Japanese.The so -called concept that uses things that assume connecting to the Internet is called IoT.

However, conventional personal computers, smartphones (hereinafter, smartphones), servers, etc. are not applicable to IoT devices.On the other hand, instead of directly connecting to the Internet, sensor devices that connect to the Internet via a router or the like are also an IoT device.In addition, the interpretation that the router itself is included in the IoT device is common.In addition, typical products called IoT equipment include electronic tags, beacons, sensors, and network cameras.

IoT equipment is being used in various fields, including offices, agriculture, medical care, nursing care, and construction.The use of IoT devices is also attracting attention from the viewpoint of developing new services by connecting the Internet, improving and improving operations using beacons, sensors, cameras, and promoting work style reform.

Why IoT devices have vulnerabilities

Although the shape of the IoT device is different from a personal computer or smartphone, it has a computer even if it is small.In addition, it has the characteristic of being connected to the Internet, which can be a target of cyber attacks just by running.

Regarding PCs and servers used in offices, there is a growing security awareness of recent security awareness, and measures have been taken, including the introduction of security software.There are a certain number of pieces and IoT devices that are difficult to be recognized as a computer as described above, and some have not even taken basic measures.User IDs and passwords required for access to equipment are often left in the initial state.

Against this background, there are cases where known vulnerabilities have been left unattended.There are a number of cases where equipment continued to be left alone despite being infected with malware, and was unknown to attack others.In particular, vulnerabilities are increasing in built -in TCP/IP stacks that have been widely used in recent years, and it is said that there are hundreds of millions of IoT equipment to be targeted.

■ Security of IoT devices that tend to be lost behind convenience >> Click here for details

Examples of cyber attacks for IoT equipment

With the increase in IoT equipment, cyber attacks aiming at IoT equipment are a major risk.A typical example of cyber attacks for IoT devices includes DDOS attacks by MIRAI discovered in 2016.On September 20, 2016, KREBS ON SECURITY received a large DDOS attack exceeding 620 Gbps.The DDOS attack was performed on a botnet built by an IoT device infected with MIRAI.

In addition, on October 21, 2016, DYN (Dyne), which provides DNS services, received large -scale DDOS attacks, and web services such as Twitter, Netflix, PayPal, and PSN (PlayStation Network), which are the customers of the company, are temporarily.I was affected by stopping.With the release of MIRAI source code at the end of September 2016, the MIRAI varieties have been born, and the risks are still remaining.

■ Risk to know when using IoT equipment in the office >> Click here for details

The factory is also targeted for smart factory

Cyber attacks aimed at IoT equipment are also aimed at other equipment used in offices and homes.There is a movement to pursue efficiency and aim for a smart factory, which is also called the next -generation factory.In the past, factories have used industrial robots and automatic assembly machines in the flow of FA (factory automation).However, these devices were designed to be completed and operated in the factory, and there was no need to connect to the outside on the Internet.Of course, although there are coordination between equipment, it was almost limited to M2M (MACHINE TO MACHINE), which consists of a network in the factory.

However, the use of IoT devices connected to the Internet is indispensable for realizing smart factory.The problem here is the on -site operation policy.Even if the factory facilities are updated, the operation is still old, dragging the rules at the time of completion in the factory.As a result, there may not be sufficient security measures that are essential for IoT equipment, such as regular updates to the latest firmware.

The trend of the opening of the control system also promotes the risk of cyber attacks.The existence of a factory is the core of the business for the manufacturing industry, so it has a great deal of damage when attacked, and can be said to be a good target for attackers.In fact, in 2005, 13 US automotive factories were infected with worms, and for nearly an hour offline, it could not be operated by $ 14 million.In addition, cyber attacks aimed at important infrastructure such as power plants and water purification plants as well as factories.Naturally, if a problem occurs, it can cause major damage.

To protect IoT equipment from cyber attacks

Using IoT devices without being taken measures against cyber attacks is changing not only in a compliance perspective but also for preventing corporate brand damage.The following five points are important to protect IoT devices from cyber attacks.

・ Change user ID and password from the default

User IDs and passwords of devices such as routers are often given defaults such as "USER" or "Admin" in the default (set at the time of shipment).The initially set password is easy to guess, so be sure to change it.In that case, I want you to set a user ID and password with as high as possible (hard to break).Attackers have frequently used user IDs and passwords as a list, and try to make unauthorized access by launching a Blue Force attack based on the list.

■ Established laws in California to prohibit using the Internet connection device with the initial password. Click here for details

・ Update firmware to the latest

In IoT equipment, there are many cases where firmware has vulnerabilities.In recent years, vendors have emphasized dealing with vulnerabilities, and as soon as the vulnerability is discovered, patches have been distributed as soon as they are discovered.I want to apply the fix patches that the vendors have started.

■ Bugs lurking in the firmware are exposed to many ordinary household routers as the risk of attack >> Click here for details

・ Old IoT devices that are no longer used turn off the power.

In some cases, malware invaded from old IoT devices that were no longer used, and gradually expanded infections.For such old IoT devices, if possible, remove the LAN cable and physically separate the network.If you cannot physically separate it, the safety will increase by removing the power cord or battery and not connecting to the network.

・ Check that the IoT device is not a security hole

You can search for your own IoT equipment by using device search engines such as Shodan and Censys.The search results screen also displays the open port information and other security vulnerabilities, so it is a good idea to investigate security measures.

■ Do you know SHODAN?What is the danger of being abused?>>> Click here for details

・ Vulnerability diagnosis / Use of penetration test

Survey the damage level by implementing an attack such as invading and falsification in the same way as the attacker according to the actual assumed attack scenario, which diagnoses system vulnerabilities using tools.The use of the penetration test is also effective.By reconsidering measures based on these results, you will be able to reduce the risk of important bases such as offices and factories causing cyber attack damage.

■ What is a penetration test that verifies the feasibility of system invasion? [Part 1] >> Click here for details

In order to protect companies from cyber attacks aiming at IoT equipment, it is important to first understand the characteristics of IoT equipment.I hope that not only the administrator, but also the user who actually use these devices, it should be thoroughly used to use it in a vulnerable state of cyber attacks.

※本記事はキヤノンマーケティングジャパンのオウンドメディア「サイバーセキュリティ情報局」から提供を受けております。著作権は同社に帰属します。

Forefront of security

[PR] Provided by Canon Marketing Japan