On the Internet, the security industry protects us from harm by promoting and implementing security practices. These built-in practices include mutual authentication, encryption, security protocols, and trust. In the physical world, however, the Internet of Things (IoT) has in most cases not developed a comparable built-in security framework. This is because many "things" existed long before they were connected or made intelligent. In 2014, Symantec framed the terminology for the IoT space by defining the difference between built-in and bolted-on security components.
With built-in components, security is an integral part of the device; bolted-on components add security features after the fact. Because the IoT influences the physical world through a device's human-machine interface, attacks on Internet-connected IoT devices are unpredictable, and the devices' security is low. Such attacks are not only easy, but also more dangerous.
In buildings, we trust smart sensors to manage critical daily tasks, such as turning on lights, detecting threats to air and water quality, and managing heating and ventilation. From a bolted-on point of view, adding Internet-capable networking seems a harmless and useful way to achieve greater connectivity.
Unfortunately, these sensors and controllers were not designed with the threat of exposing the building's control system to the Internet in mind. Without an underlying security architecture that lets them run securely over the Internet, connecting them increases and diversifies the potential sources of attack.
Traditional Internet security is still important for the Internet of Things, but it does not go far enough. Designing proper authentication, authorization, accounting, encryption, intrusion detection, software signing, and trust models can facilitate interaction between online devices. But in smart ovens, smart locks, connected shoes and workout clothes, mirroring and enhancing these mechanisms must be done very carefully. Security vulnerabilities may pose an imminent physical threat to the user.
For example, in 2017, researchers used low-resolution cameras in a shopping plaza to collect data on the swipe patterns people used to unlock Android phones, and derived a set of candidate patterns that, in test cases, unlocked more than half of the phones.
Most importantly, this attack did not depend on special high-end smart cameras. It worked by gathering enough varied data from many ordinary low-resolution, consumer-grade cameras. If an attacker can get hold of a user's phone, and the personal data on it is protected only by a swipe pattern, the attacker gains access to all of that user's IoT systems, which include home automation, vehicle protection and health monitoring systems.
In the Internet of Things, "attack" is more than just a metaphor: it is a physical attack in the physical world. Such attacks can also be initiated physically, without the attacker even being online, and with no more knowledge than how to install a legitimate, easy-to-use packet sniffer application. For example, imagine a public building fitted with IoT-connected motion detectors. A technically literate person with malicious intent enters the building, deliberately triggers a sensor, and uses a wireless network sniffer to capture the encrypted wireless traffic that the motion detection generates.
This person can store the data on a mobile device and collect enough of it to build a library of encrypted communications. From that library, they can reduce the almost infinite space of possible cryptographic keys to a much smaller set of candidates. Alan Turing exploited the same kind of weakness during the Second World War, when a set of predictable abbreviations or comments on the weather were enough to defeat secure communication.
The ability to infer that a particular packet comes from a particular event at a particular time is the key to reducing well-encrypted data to easily readable code. And with access to packet header data and other structural information, malicious attacks on building systems (such as electricity and heat) become possible, all because someone downloaded an application and spent a few minutes moving back and forth in front of a motion sensor.
A recent incident at the Hotel Austria Wien highlights another type of attack on IoT functions. Hackers held the hotel's door locks, and the people inside, to ransom. The hackers exploited a commercial system, designed to an attractive price point, that placed excessive trust in a networked key solution with no physical buttons or bypass. In this way, hackers gained extensive access to vulnerable systems.
In this case, the security fix would have been simple. Preventing such attacks involves programming the electronic locks to fall back to a mechanical default when they are disabled. This is a low-cost, low-investment preventive measure, but it requires engineers to think about security pre-emptively, and often in old-fashioned terms, asking questions such as "How can we secure the things that are connected?" and "How do we build the highest level of security into our new network model for what we connect?"
IBM recently demonstrated the importance of these physical factors by performing an "ethical hack" of an anonymous smart office building. Using traditional hacking techniques alone, the company was unable to obtain full access to the building control and automation systems. But after driving to the building and connecting to its local network, they were able to finish the job. Had the physical dimension been taken into account, the hypothetical hack would have been impossible.
Rather than holding back growth, the built-in IoT security model suggests that physical security provides the basis for a higher level of network protection. With this foundation, safer and more extensive interaction with the Internet becomes possible.