IoT products and systems can be physically compromised

Consider IoT products such as Roadside Units (RSUs), which are deployed alongside roadways. RSUs interface with connected vehicles and Traffic Management Centers (TMCs). These devices are deployed in physically unprotected locations. This means that a motivated attacker can capture these devices, and analyze them for vulnerabilities.

Finding a vulnerability in one of these devices can provide information that can be used to compromise and manipulate large groups of these devices—for example, if the same default password is used across an entire family of devices. 

Commercial IoT device manufacturers face an even bigger challenge. Their products are designed to be bought off the shelf. Attackers can simply go to their nearest electronics store, purchase the device, and spend as much time as desired attempting to identify flaws. They may discover unprotected test interfaces, or perhaps a vulnerability in the cloud service interface.

Either way, attackers can use this research to craft exploits and gain access to your devices. 

Hardware security expertise is a specialized and in-demand skill. While there are steps you can take to protect your hardware, such as disabling or requiring authentication for access to test interfaces, applying Anti-Tamper (AT) protection to your devices, and incorporating hardware security modules, you should also consider taking advantage of crowd-sourced bug bounty programs. These allow you to receive tailored vulnerability reports from the community. Organizations such as BugCrowd specialize in assessments for IoT devices, as well as traditional software systems. 
..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset