Introduction
Now more than ever, individuals have smart technology everywhere. Cars, appliances, furniture, phones, lights and even thermostats can be connected to the Internet. These devices usually have weak security and offer a hacker an easy route to more valuable information. How can you be proactive and “Do Your Part. #BeCyberSmart”?
- Cars, appliances, fitness trackers and other wearables, lighting, healthcare, home security, and more all contain sensing devices that can talk to another machine and trigger other actions.
- With more connected “things” entering our homes and our workplaces each day, it is important that everyone knows how to secure their digital lives.
- More than half of all Internet of Things (IoT) devices are vulnerable to medium- or high-severity attacks.
Ripple20
Ripple20 is a set of vulnerabilities discovered in 2020 in a software library that implemented a TCP/IP stack. The security concerns were discovered by JSOF, which named the collective vulnerabilities for how one company’s code became embedded into numerous products.
Ripple20 reached critical IoT devices from a wide range of fields, involving a diverse group of vendors. Affected vendors range from one-person boutique shops to Fortune 500 multinational corporations, including HP, Schneider Electric, Intel, Rockwell Automation, Caterpillar, and Baxter, as well as many other major international vendors suspected of being vulnerable in medical, transportation, industrial control, enterprise, energy (oil/gas), telecom, retail and commerce, and other industries.
Interview
“The two stats that you just mentioned, I think really go hand in hand in answering your question. So 98 percent of IoT device traffic being unencrypted, meaning it’s in the clear, anyone can go and see it if they are able to access it on that network, sort of gives you an indication around how the software and how the protocols for these are being done,” O’Donnell said. Sadly, these devices are being developed without security as a priority.
Conclusions
- Change your device’s factory security settings from the default password. This is one of the most important steps to take in the protection of IoT devices. According to NIST guidance, you should consider using the longest password or passphrase permissible. Get creative and create a unique password for your IoT devices. Read the Creating a Password Tip Sheet for more information.
- Many connected appliances, toys, and devices are supported by a mobile application. Your mobile device could be filled with apps running in the background or using default permissions you never realized you approved, gathering your personal information without your knowledge while also putting your identity and privacy at risk. Check your app permissions and learn to just say “no” to privilege requests that don’t make sense. Only download apps from trusted vendors and sources.
- Properly secure the wireless network you use to connect Internet-enabled devices. Consider placing these devices on a separate and dedicated network.
- Whether it’s your computer, smartphone, game device, or other network devices, the best defense is to stay on top of things by updating to the latest security software, web browser, and operating systems. If you have the option to enable automatic updates to defend against the latest risks, turn it on.
References
Cimpanu, C. (2020, June 16). Ripple20 vulnerabilities will haunt the IoT landscape for years to come. Retrieved October 25, 2020, from https://www.zdnet.com/article/ripple20-vulnerabilities-will-haunt-the-iot-landscape-for-years-to-come/
Internet of Things. (n.d.). Retrieved from https://www.cisa.gov/sites/default/files/publications/NCSAM_InternetofThings_2020.pdf
O’Donnell, L. (2020, April 22). More Than Half of IoT Devices Vulnerable to Severe Attacks. Threatpost.