Penn State students say they can improve IoT device security through combined techniques

Penn State students say they can improve IoT device security through combined techniques
IoT News is a practical resource providing news, analysis and opinion on the burgeoning Internet of Things ecosystem, from standardisation, to business use cases, and development opportunities. We take the best research and put our own spin on it, report from the frontline of the industry, as well as feature contributions from companies at the heart of this revolution.

A team of students at the Penn State World Campus say they have developed a multi-pronged data analysis approach capable of averting cyberattacks in IoT devices, such as smart TVs, home video cameras, and baby monitors.

One of the students in the team said that more than 20 billion IoT devices would be in operation by 2020 and these devices will be an easy prey to hackers and cyberattackers, as there is no strategy in existence to detect a network security attack.

In order to solve the problem, the team applied a combination of approaches mostly used in traditional network security management to an IoT network simulated by Australia’s UNSW Canberra. They demonstrated how statistical data, machine learning, and other data analysis methods could be applied to enhance security of IoT systems across their lifecycle. An intrusion detection and a visualisation tool were used to determine whether an attack had already occurred or was in progress within that network.

In a recent interview on Verdict, F-Secure’s chief research officer, Mikko Hyppönen, warned that IoT devices could be the “asbestos of the future”, due to their insecure nature that makes it vulnerable to get exploited by the Mirai botnet. Hyppönen said: “What’s happening right now, around us, I guess would be characterised as IT asbestos. We are currently in the early stages of this revolution, but, eventually, anything that uses electricity will be online. So this is going to happen, whether we like it or not.

"Everything will become a computer and right now this seems like an excellent idea to many of the companies in this business.”

Research by Independent Security Evaluators (ISE) last month found at least one web application vulnerability, such as cross-site scripting (XSS), operating system command injection (OS CMDi), or SQL injection (SQLi) in all of the 13 assessed devices. According to ISE, these vulnerabilities could be used by cyber-attackers to get remote access to the device’s shell or to the administrative panel. It acquired root shells on 12 of the devices, which allowed complete control over them. Six of these can easily get misused remotely without authentication.

 Interested in hearing industry leaders discuss subjects like this? Attend the co-located 5G Expo, IoT Tech Expo, Blockchain Expo, AI & Big Data Expo, and Cyber Security & Cloud Expo World Series with upcoming events in Silicon Valley, London, and Amsterdam.

View Comments
Leave a comment

Leave a Reply

Your email address will not be published.