Internet of Things (IoT) has been around for quite some time, there are countless applications built around the IoT technologies, but as part of the vast internet, IoT security hasn’t gained too much of spotlight though many IoT security incidents were reported repeatedly over the last few years.
Very often, IoT devices were NOT built with security in mind. This usually comes from the limitation of those IoT devices— microcontrollers/microprocessors that are with very limited resources or stripped down Linux-based embedded system. These devices usually only have a few designated functions and are often not considered as computers, yet all of them are able to carry out simple command, computation and network traffic.
According to Gartner’s report — “IoT Security Primer: Challenges and Emerging Practices” dated 6 Jan 2020,
Over 80% of organizations currently use the Internet of Things (IoT) to solve business use cases and almost 20% of organizations have already detected and IoT-based attack
Since IoT is expected to worth USD **1,319.08 Billion** by 2026, the security issue of this industry should not be overshadowed by the hypes and convenience of IoT applications. Why? Let's look at an example,
In 2016, a large-scale Distributed Denial of Service (DDoS) attack was launched against U.S. east coast, rendering much of the internet in the region inaccessible. This is known as the Mirai botnet, a simple yet clever malicious cyber attack against specifically the IoT devices that we see everyday.
What it did was it hack those IoT smart camera and similar IoT products using the factory default username and password, and amazingly gained access to millions of IoT devices and then turn them into a botnet army, with the great volume, many network infrastructure fell for the attack.
Mirai is only a tip of the iceberg but it is enough to remind us that IoT security is a serious topic and should be given more thoughts and spotlight.
I will be sharing more IoT security related topics during this event , some are general information meant to introduce the concept, but I have also planned to share some hands-on topics on how to detect IoT vulnerability and how to exploit them, so stay tuned for more! 