3 IoT Security Breach Instances to Remember
December 15, 2018 | IoT
The Internet of Things (IoT) growth story has been phenomenal. Every great story, however, has a dark side. With the huge number of devices becoming online day in and day out, reaching the figure of billions, hackers spot the Eldorado to plunder—causing security breaches, privacy violation, loss of data and information for businesses, impairing infrastructure, and sometimes even health and medical disasters. Is there a way to eliminate or at least mitigate such damages?
Voices from the world about IoT Security
- According to a report by Forbes, by 2025, there will be about 60 to 80 billion active smart devices connected to the internet all across the globe.
- In the year 2016, the DDoS (Distributed Denial of Service) attacks took the world by storm affecting IoT services and devices detrimentally. Experts from the technology world were shaken by this eye-opener that attested to the stark existence of security threats and that it was not a hypothetical phenomenon but a real one.
- According to a recent study by Hewlett Packard, almost 90 percent IoT devices collect some or the other form of personal information. This implies that the customers are always vulnerable to a privacy breach. With an exponential rise in the number of IoT devices in use, the potential of such threats goes up manifold.
- As per the report from Entrepreneur, about 70% IoT devices in the market are vulnerable right from their immediate usability or functionality.
3 instances that interrogated the security of the technology world
- The Widespread DDoS Attack by Mirai Botnet
The largest attack resulting in widespread Distributed Denial of Service (DDoS) attack, the Mirai Botnet, was aimed at turning Linux-based devices connected to the Internet into remotely controlled bots. This botnet, launched in 2016 affected myriad IoT devices mainly home routers and IP cameras.
Devised Solution: The Mirai program found that unless you reboot the system and change the password, the malware existed in the system. From a table of 60 usernames and passwords, they identified the vulnerable IoT devices.
Security Verdict: Always update the system password and the operating system in a timely manner.
- Hack-able Cardiac Devices
The Food & Drug Administration (FDA) in 2017 identified that the pacemakers and defibrillators of St. Jude Medical were hackable. The battery of these devices could be depleted to result in erroneous pacing and even shock leading to jeopardize patient’s health and well-being to a devastating extent.
Devised Solution: The devise transmitter that reads and shares device data was identified as a vulnerable spot and a patch fix was devised and implemented for the bug.
Security Verdict: IoT device security in the healthcare sector must be addressed at the forefront since it can put the health and lives of the people at significant risk.
- Damaging Iran’s Nuclear Project with Stuxnet
In 2014, the Uranium enrichment facilities in Iran were attacked by a malicious computer worm called Stuxnet that targeted the PLCs extracting nuclear material. Stuxnet was introduced into the computers via an infected USB device that gained control over numerous factory lines and centrifuges.
Devised Solution: Siemens developed a tool specifically for Stuxnet resulting in its detection and removal from the system.
Security Verdict: Siemens proposed that such security breaches can be avoided by installing Microsoft updates, ruling out the use of third-party USB flash drivers and updating the password access code.
Raising a Workforce of IoT Security Spartans
In this war of hackers v/s responsible IoT community, the latter have to be geared up all the time since for a hacker, success means breaching the system once or more, but for all of us, the white shaded IoT community, success is a consistent journey in which we have to outwit the hackers all the time.
We need a strong and diversified workforce to combat the threats those are present and also those that are anticipated. Online training and certification plays a significant role in building up such a workforce quickly. Enrolling for an e-learning or online training and certification course in IoT Security from a reputed training provider has several benefits:
- Planned and focused learning based on the curriculum set by the training provider.
- A diverse pool of industry expert trainers having expertise in other related cutting-edge tools and technologies.
- The fact that being a certified professional is much better than being a complete fresher.
- A blended training deliverable with different modes of learning (social, game-based, interactive, etc.) and not just a boring text-heavy material.
- A customizable training program based on academic qualification, aspirations, interest and inclination.
The list although conclusive, is not exhaustive. Online training and certification in IoT security can transform individuals into IoT security professionals, and corporate workforce into elite IoT security specialists. With such a formidable security workforce, breaches of the type discussed above will become a thing of the past not to be repeated again, and foiled out before surfacing.