2 minute read
IoT Hacking Techniques to Beware of the Internet of Things
The IoT is powerful but it creates an overlap between our physical and network security environments that can be exploited. This is particularly important to consider as businesses deploy more and more IoT systems within their own physical security infrastructure. Deployed improperly these security systems can become vulnerabilities themselves.
If your business uses or plans to use IoT systems it pays to know the tactics hackers might use to target them.
Advertisement
1) Skimming
A hacker can position a 'skimming' device near one of your IoT assets to wirelessly copy data. This could include copying smart card or fob access credentials, or sensitive data directly off IoT security cameras, printers, or other infrastructure. Possible Solution: Attackers and their tools need to be separated from your assets. You can require guests in your facility to deposit unapproved equipment beyond your perimeters in secure asset lockers. Or adjust access control measures at your perimeters. to do the same. This could include lifting access control data at your perimeter. Or sensitive data directly from wirelessly-enabled data mobile devices or laptops.
Possible Solution: Controlling the movement of assets and people alike is key here. A real time indoor positioning system could be used to track access keys, assets, or personnel within your facility, depending on your specific needs. Or secure your own idle electronics in asset lockers.
3) Relay Attacks
IoT technology enables organized teams of hackers to carry out sophisticated relay attacks. For example, if an employee is off-site with their access card or fob, one attacker can skim their credential data. A second attacker on site at your facility can receive that data and impersonate that employee using a dummy broadcast IoT device to bypass your access control or asset management systems.
Possible Solution: For particularly sensitive assets or keys that can never be exposed to such a threat an exit alert system could be used to notify security personnel to respond to assets approaching your perimeters.
Other Solutions
If there weren't enough indicators already, convergence has become a necessary security approach, as IoT technology has literally converged our physical and network infrastructure.
Going hand-in-hand with such a converged program comes increased communication and security education throughout your organization. IoT technology can turn any employee's mobile device into a potential threat. Your entire organization needs to be aware of and participate in your security efforts.
2) Eavesdropping
Eavesdropping attacks to intercept sensitive communication used to only take place over the Internet. Now attackers can position scanning devices physically next to IoT infrastructure on site And when in doubt, get expert assistance evaluating and deploying new systems. IoT technology is powerful but complex. Making sure it's used both effectively and securely within your organization can require insight from dedicated experts.
