Security of the Internet of Things (IoT)

Abstract

Good security practices are more important than ever with the Internet of Things movement adding millions of new devices to the market every year. Every device on a network increases the attack surface of that network and every unsecured device is a door for nefarious hackers to gain access through. While devices like smart bulbs have limited functionality and customizability making them easy to lock down, a DIY project on a Raspberry Pi that is connected to the internet has so many potential uses that if it is not secured it could be used by a remote hacker to either attack the network or could be enslaved for use in a Bluetooth Vulnerability BlueBorne is a set of vulnerabilities that affect Bluetooth devices. Bluetooth has very few security measures, and the security measures that are in place tend to be a simplistic passcode that is used to connect the device to other devices. BlueBorne attacks do not require the target device to be connected to the attackers device or for the target device to be discoverable to gain access. Once the attacker picks out a target, all they have to do is identify the type of device and adjust their attack accordingly. Since Bluetooth has a lot of privileges on devices, that attacker can be granted full control WiFi vulnerabilities and unsafe practices Wireless networks secured with WPA2 were thought to be secure until October of 2017 when the Key Reinstallation Attack (KRACK) was announced by researchers at KU Leuven, a Belgium University. This method of gaining access to WPA2 traffic was not device specific leaving any wirelessly connected device vulnerable until patches were released. Some device are still vulnerable to this attack if not updated. WPA2 passwords are vulnerable to a series of other attacks if a weak password is used. Any device without a patch, secure password, and, as already known, still on a wireless network using WEP or no encryption is vulnerable. 