Penn State students say they can improve IoT device security through combined techniques
A team of students at the Penn State World Campus say they have developed a multi-pronged data analysis approach capable of averting cyberattacks in IoT devices, such as smart TVs, home video cameras, and baby monitors.
One of the students in the team said that more than 20 billion IoT devices would be in operation by 2020 and these devices will be an easy prey to hackers and cyberattackers, as there is no strategy in existence to detect a network security attack.
In order to solve the problem, the team applied a combination of approaches mostly used in traditional network security management to an IoT network simulated by Australia’s UNSW Canberra. They demonstrated how statistical data, machine learning, and other data analysis methods could be applied to enhance security of IoT systems across their lifecycle. An intrusion detection and a visualisation tool were used to determine whether an attack had already occurred or was in progress within that network.
In a recent interview on Verdict, F-Secure’s chief research officer, Mikko Hyppönen, warned that IoT devices could be the “asbestos of the future”, due to their insecure nature that makes it vulnerable to get exploited by the Mirai botnet. Hyppönen said: “What’s happening right now, around us, I guess would be characterised as IT asbestos. We are currently in the early stages of this revolution, but, eventually, anything that uses electricity will be online. So this is going to happen, whether we like it or not.
"Everything will become a computer and right now this seems like an excellent idea to many of the companies in this business.”
Research by Independent Security Evaluators (ISE) last month found at least one web application vulnerability, such as cross-site scripting (XSS), operating system command injection (OS CMDi), or SQL injection (SQLi) in all of the 13 assessed devices. According to ISE, these vulnerabilities could be used by cyber-attackers to get remote access to the device’s shell or to the administrative panel. It acquired root shells on 12 of the devices, which allowed complete control over them. Six of these can easily get misused remotely without authentication.
Interested in hearing industry leaders discuss subjects like this? Attend the co-located 5G Expo, IoT Tech Expo, Blockchain Expo, AI & Big Data Expo, and Cyber Security & Cloud Expo World Series with upcoming events in Silicon Valley, London, and Amsterdam.
- » Apple, Amazon, Google, and Zigbee Alliance explore new smart home standard
- » Gartner says global semiconductor revenues down 11.9% yearly – worse than own bleak estimates
- » KVH and Kongsberg claim success with installing maritime IoT system on active working vessel
- » Teraki and Machfu raise series A funds of $11m and $3.75m to speed up automotive and IIoT markets
- » Enterprise IoT and protecting against Bluetooth endpoint vulnerabilities: A guide