What is IOT? | How IOT Works | IOT Attack | Defend Against IOT Attacks |

The Internet of Things (IOT) is an important and emerging topic in the field of technology, economics and in society in general. It is referred to as the web of connected devices, made possible from the intersection between machine-to-machine communications and big data analytics.

The IOT is a future-facing development of the internet and abilities of physical devices that eventually norrowing the gap between the virtual world and the physical world. This section deals with some of the important IOT consepts which one should be familiar with to understand the advanced topics covered later in this blog.

Internet of Things (IOT) also known as Internet of Everything (IOE) refers to the computing devices that are web-enabled and have the capabilities of sensing, collecting and sending data using sensors, and the communication hardware and processors that embedded within the device.

How IOT Works

IOT technology includes three primary systems such as IOT devices, gateway system, data storage system using Cloud and remote using mobile apps. These systems together make the communication two end points possible.

• Sensing Technology :- Sensors embedded in the devices sense a wide variety of information from their surroundings like temperature, gases, location, working of some industrial machine as well as sensing health data of a patient.
• IOT Gateways :- Gateways are used to bridge the gap between the IOT device and the end user and thus allowing them to connect and communicate with each other. The data collected by the sensors in IOT devices send the collected data to the concerned user or cloud through the gateway.
• Cloud Server/Data Storage :- The collected data after travelling through the gateway arrives at the cloud, where it is stored and undergoes data analysis. The processed data is then transmitted to the user where he/she takes certain action based on the information recieved by him/her.
• Remote Control Using Mobile App :- The end user uses remote controls such as mobile phones, tabs, laptops, etc. installed with a mobile app to monitor, control, retrive data, and take a specification on IOT devices from a remote location.

Example :

1. A smart security system installed in a home will be integrated with the gateway which in turn helps to connect the device to the internet and the cloud infrastructure.
2. The data storage at the cloud has the infromation of each and every device connected to the network. The information possesed includes device’s id , the present status of the device, who all accessed the device and for how many times. It also includes information like how long the device was accessed last time.
3. The connection with cloud server is established through web services.
4. The user on the other side, who has the required app to access the device remotely on his mobile phone, interacts with it, which in turn makes him interact with the devices at home. Before accessing the device, he is asked to authenticate himself. If the crendentials submitted by him match those saved in the cloud, he gets an access. Otherwise, his access is denied ensuring security. The cloud server identifies the device’s id and sends a request associated with that device using gateways.
5. The security system that is currently recording the footage at home, if it sense any unusual activity, then it sends an alert to the cloud through the gateway, which matches the device’s id and the associated with it and finally the end user gets an alert.

IOT Threats

IOT devices on the Internet have very few security protection mechanisms against various emerging threats.

Listed below are some of IOT attacks :

• DDoS Attack : Attacker converts the devices into an army of botnet to target a specific system or server, making it unavailable to provide services.
• Exploiting HVAC : HVAC system vulnerabilities are exploited by attackers to steal confidential information such as user credentials and to perform futher attacks on the target network.
• Rolling Code : An Attacker jams and sniffs the signal to obtain the code transferred to the vehicle’s reciever and uses it to unlock and steal the vehicle.
• BlueBorne Attack : Attackers connect to nearby devies and exploit the vulnerabilities of the Bluetooth protocol to compromise the device.
• Jamming Attack : Attackers jams the signal between the sender and the reciever with malicious traffic that makes the two endpoints unable to communicate with each other.
• Remote Access Using Backdoor : Attackers exploit vulnerabilities in the IOT device to turn the device into a backdoor and gain access to an organization’s network.

How To Defend Against IoT Hacking

• Disable the “guest” and “demo” user accounts if enabled.
• Use the “Lock out” feature to lock out accounts for excessive invalid login attempts.
• Implement strong authentication mechanisms.
• Locate control system networks and devices behind firewalls, and isolate them from the business network.
• Implement IPS and in the network.
• Implement end-to-end encryption and use Public Key Infrastructure (PKI).
• Use VPN architecture for secure communication.
• Deploy security as a unified, integrated system.
• Allow only trusted IP Addresses to access device from the internet.
• Disable telnet (port 23)
• Disable UPnP port on routers.
• Prevent the devices against physical tampering.
• Patch vulnerabilties and update device firmware regularly.
• Monitor traffic on port 48101 as the infected devices attempt to spread the malicious file using port 48101.

I hope you get useful information there if you think anything to improve in this article you can comment below or if you need any help we will help you soon. If you are interested to learn hacking you can check here.

Originally published at https://exploitbyte.com on April 5, 2020.