Why Is IoT So Insecure?

Why Is IoT So Insecure?

Why Is IoT So Insecure?

We've had nothing but bad news regarding IoT cybersecurity these days. Mirai's been putting together unprecidented denial-of-service attacks which seem like they're doing nothing if not getting bigger. You have folks like cybersecurity demi-god Bruce Schneier proposing widespread government regulation as the only solution to the problem, too. Things don't look good, and they don't look like they're getting better any time soon.

So why did things get this bad?

Let's be honest. The central problem is that these devices have been poorly designed. I mean, we know how to harden Linux systems. We've been doing it for years. And we know that bugs exist in old kernels, too. But many of these devices have known services running on known ports with known exploitable flaws. Mirai took advantage of this, using known services (e.g. telnet) with known credentials, and just logged into remote, Internet-connected IoT devices.

Really, it's just ridiculous. You don't design systems like this. You remove all the stuff you're not using, you turn off services like telnet, and if you need to keep an SSH port open, you use strong credentials. Yes, these devices are manufactured at scale, so everything needs to be automated, but we do this with consumer-grade routers, switches, and wireless access points today. In fact, many of the companies who are creating IoT devices do this today with this kind of networking equipment, so we know they know how to do it. So why didn't they?

Read Also:
Why IoT needs AI

I think there are a couple of reasons. First, the cost of IoT devices, and associated profit margins, are really small. You make money in IoT at scale. Second, initial IoT deployments were small scale, with a very small group of engineers involved with the device operation system design. And these lead to the real problem — insufficiently hardened embedded Linux images running on these small, low-profile devices.

IoT devices are cheap.

 



Sentiment Analysis Symposium

27
Jun
2017
Sentiment Analysis Symposium

15% off with code 7WDATA

Read Also:
"A Trustworthy Dataset Is A Needle in A Haystack"

Data Analytics and Behavioural Science Applied to Retail and Consumer Markets

28
Jun
2017
Data Analytics and Behavioural Science Applied to Retail and Consumer Markets

15% off with code 7WDATA

Read Also:
How to Manage the Tension between Data Control and Access

AI, Machine Learning and Sentiment Analysis Applied to Finance

28
Jun
2017
AI, Machine Learning and Sentiment Analysis Applied to Finance

15% off with code 7WDATA

Read Also:
Is your company data-driven?
Read Also:
Why Big Data Is Key For Better Infectious Disease Surveillance, Modeling

Real Business Intelligence

11
Jul
2017
Real Business Intelligence

25% off with code RBIYM01

Read Also:
"A Trustworthy Dataset Is A Needle in A Haystack"

Advanced Analytics Forum

20
Sep
2017
Advanced Analytics Forum

15% off with code Discount15

Read Also:
How To Read Analytics Clues for a Cross-Device Marketing Strategy

Leave a Reply

Your email address will not be published. Required fields are marked *