The Internet of Things has become a popular destination for hackers, due to its rapidly expanding popularity. There are literally billions of IoT devices all over the globe, just waiting for the right hacker to come along and exploit their every weakness. After several IoT driven attacks happened this fall, more and more experts in the infosec community are becoming aware of the weaknesses these devices bring to the table.
Previously to this rash of attacks, some experts were still trying to find ways to fix the major security issues these devices had punched into existing networks.
Tor has taken a part in trying to help secure the IoT as well. By utilizing Tors Onion Protocol, vendors on the IoT will be able to easily use secure communications and securely update the delivery process for their devices. By using Tor along with the IoT, most of the angles of attack for smart devices will be eliminated.
Security Compass is also adding a helping hand by proposing that XMPP be used as the communications protocol for all IoT devices.
A press release from the company read, “XMPP provides a solid, flexible foundation for security features. XMPP facilitates identity management, authentication, authorization, Off-the-Record Messaging, and end-to-end encryption. “
“The Security of the core XMPP protocol is essentially based on requiring use of the Transport Layer Security and Simple Authentication and Security Layer. TLS provides confidentiality and integrity for data in transit. SASL provides an extensible framework for authenticating involved end parties and helps to protect against user spoofing, unauthorized usage, and man-in-the-middle attacks,” the release also stated.
While this all sounds well and good, others say there may be other areas that might need tending to as well.
Senior E-threat Analyst for Bitdefender said:
“Security researchers have not only found that some IoT device broadcast credentials or data in plain text, but also that they lack basic security best practices such as hard-coded or no management passwords and even the lack of firmware updating mechanisms. While it’s great that there are initiatives that involve adding an encryption layer on top of machine-to-machine communication, there’s still much more to be done. We’ve seen IoT devices that lack such things, meaning that once a vulnerability is found in one of them, there’s no way to fix or patch it throughout its entire lifetime. This means that you’ll probably end up connecting a vulnerable smart device to your home network, without ever having the ability to secure it.”
Among the ways to heighten security is the Department of Homeland Security’s work in progress; a guideline for the Internet of Things. It is unknown still whether it will be a guide to mandatory implementations, or if it will be nothing more than recommendations.
Other countries have already begun the fight against hacking on the IoT. The EU is currently working on a sticker system of all internet connected equipment. The EU commission reportedly wants to use stickers as a means to inform purchasers of the safety issues that could be associated with the device. The Commission believes instating this type of regulatory system will give device manufacturers a push to create more secure devices. Higher security capable devices will be given special permissions to use a higher class sticker.
Another notable company entering the fight is MITRE, who are hosting a challenge to help come up with new ideas and technology to help secure the IoT. MITRE’s challenge holds a $50,000 reward for the best ideas and innovations.
“We’re looking for a simple, affordable solution to identify devices within an IoT network so rogue devices can be discovered. The MIRTE IoT challenge is looking for the solution, not the problem,” the contest website reads.