04 Dec IoT equipment security cannot be ignored!
Experts point out that IoT devices pose an increased risk to national infrastructure
National critical infrastructure is a state’s public, physical or virtual assets that, if damaged, can affect the stability and societal fabric of a nation. There are eight major infrastructure categories including: energy, water, communication, transportation, banking and finance, emergency services, government agencies, and parks/recreation. Uninterrupted access to critical infrastructure has always been a top priority for national security, and because of this critical nature it has also become a target of hackers.
A momentary massive blackout in a Hollywood movie becomes reality in Ukraine
On December 23, 2015, the blackout in Ivano-Frankivsk region, Ukraine, affected hundreds of thousands of households. It was later confirmed that the blackout was caused by hacker’s who used email to launch a spear phishing attack that resulted in a hacker assault on the power equipment. There has never been a record of large-scale power outage caused by hacking attacks before, so this attack was a milestone in the history of power grid security. In the 2007 movie Die Hard 4.0 there was a similar scene, but most people probably didn’t give it much credence at the time and felt this type of attack was farfetched and impossible to achieve.
Ant-like IoT bot armies may smash national critical infrastructure
In the era of IoT, hackers have new ways to smash infrastructure through the numerous IoT devices that are largely unprotected and exposed to the internet. Hackers have been able to enter private networks or take control over common high-power appliances such as air conditioners, heaters and microwave ovens that are now IoT enabled. Once hackers gain control over large numbers of these high-power IoT devices they can remotely adjust settings that cause huge spikes in power consumption, eventually overloading power grids and causing large-scale power outages.
“This type of attack is harder to find than previous attacks,” said Lin Yumin, CTO of Forceshield. “In the past, hackers had to break through physical or network protective layers to enter the power plant’s internal network to cause disruption. But now, a large number of zero-protected IoT devices are scattered around the world and can be used to create bot nets or bot armies. As long as you can master a large number of the IoT devices to deliberately create power spikes, the power grid can collapse at any time.” The power grid is just one example and in reality, almost all major infrastructure components are at high risk.
Traditional signature-based security solutions can no longer effectively respond to these types of fast-changing IoT attacks. A more proactive approach must be taken to achieve a truly effective defense. It is important to add protection layers to all internet connected devices to prevent hackers from using these IoT devices as automated bot (armies) to attack critical infrastructure facilities and networks.
Proactive and dynamic security solutions, providing true protection for IoT devices
DeviceShield uses Forceshield’s exclusive dynamic transformation technology to protect IoT devices from bot attack. Once the DeviceShield client is installed on the device it protects against external bot attacks by randomizing the system behavior and proactively monitoring the device itself for changes that could signal the device has been compromised. The DeviceShield client is very lightweight and can consume less than 100kb of memory, making DeviceShield the world’s smallest security solution for IoT devices. The ability to randomize target system behavior to achieve effective defense reduces the impact of equipment vulnerabilities on the enterprise, providing IoT device manufacturers, OEMs and system integrators with the most advanced, most efficient and customized IoT device security protection.