Given the serious risk posed by security weaknesses in IoT systems to IoT services and other services in society, including the possibility of causing loss of human lives or disrupting society as a whole, it is important to identify IoT security vulnerabilities and address them before cybercriminals can exploit them. The proliferation of diverse IoT devices across various sectors in society with very little or no standardisation and regulation has increased IoT vulnerabilities and attack surfaces that can be leveraged by cybercriminals to compromise the data that is collected using IoT devices and to compromise existing systems. Some of the IoT security vulnerabilities include the following:
Embedding of passwords on the IoT devices: To facilitate remote technical support, IoT engineers and developers must remotely access the devices for configuration during deployment and for troubleshooting during the operation and maintenance of IoT networks with many devices, so passwords are embedded on the devices. This makes it easy for cybercriminals to gain access to IoT devices and exploit them for malicious purposes.
Lack of authentication mechanism: Some IoT manufacturers ship devices without incorporating any authentication mechanism, making the devices vulnerable to unauthorised access by malicious attackers, which violates the confidentiality, privacy, and integrity of IoT data. Attackers may also take over the devices and use them for malicious purposes. Thus, devices without any form of authentication are rogue devices that can be used as an attack surface to conduct advanced attacks on IoT systems and other critical resources.
Weak passwords: To make their devices easy to use, device manufacturers ship devices with default security settings, such as hardcoded passwords that users are not able to change or default usernames and passwords, or provide a simple way of logging into the device. Since the security credentials set by the manufacturer are easy to guess and are never changed, attackers usually exploit them to gain access to the device, compromising the confidentiality and integrity of the data. They can then use the devices for further attacks.
Backdoors: Most IoT manufacturers create hidden access mechanisms called backdoors (user-id/password or open ports) to permit them to support the devices. Attackers often access these backdoors and then exploit them to launch attacks (e.g., botnets and other malware attacks).
Failure to install security patches and updates: Some IoT manufacturers do not provide a simple and effective way to install security patches and updates, making it difficult for IoT service providers to resolve security vulnerabilities before they can be exploited by cybercriminals. Unlike traditional computer systems, which have mechanisms for continuous installation of security updates and notification of security changes due to updates, IoT devices are very simple and lack these features, making them vulnerable to cyberattacks. Also, due to their simple nature, IoT devices are vulnerable to attacks such as unauthorised software and firmware updates. IoT manufacturers do not even release patches or updates for the software that comes on their devices, and attackers exploit this. Even if patches and updates are released, users have difficulty installing them on the device, and most of the vulnerabilities in these devices are never patched.
Poorly protected network services: The wireless communication channel between the IoT device and the access point or gateway is a major attack surface often used to attack IoT devices. One of the network vulnerabilities due to unprotected network services is unencrypted communication channels. Because of energy, cost, and processing power constraints, most IoT manufacturers do not implement any cryptographic mechanism to ensure secure communication. This makes it easier for attackers to launch man-in-the-middle attacks on IoT networks. If the communication between the IoT devices and the servers is not protected, confidential data, including authentication credentials, can be compromised and used to launch further attacks, such as DoS/DDoS attacks. There are also unnecessary services, such as unprotected ports, that cybercriminals can exploit. That is, failure to disable unused ports or to protect used ports with a firewall leaves them vulnerable to cybersecurity attacks.
Internet exposure: Some IoT devices are connected directly to the internet without firewalls or any form of security mechanism and are likely to be attacked.
Unprotected interfaces: Some vulnerabilities in IoT systems can be introduced by poorly secured or unprotected interfaces (e.g., web, backend APIs, cloud, fog interfaces), which make IoT devices and other resources vulnerable to cyberattacks. Weak (and sometimes absent) authentication/authorisation and cryptographic mechanisms make communication through these interfaces vulnerable to cyberattacks, as there is a lack of access control to important resources, of accountability, and of protection of data and systems from being compromised.
Use of outdated components: Sometimes IoT device manufacturers are not able to resolve hardware or software security vulnerabilities that have been discovered in IoT devices, forcing IoT service providers to keep using the devices without any security improvements to deal with the known vulnerabilities. These outdated devices with well-known security vulnerabilities become sweet spots for cybercriminals to exploit, compromise, and damage IoT systems and resources.
Supply chain vulnerabilities: The IoT supply chain consists of manufacturers (manufacturers of semiconductor chips, hardware parts, IoT devices, software), distributors, vendors, service providers, and users. Vulnerabilities may be introduced into the IoT devices at any stage of the supply chain. They could take the form of a piece of compromised software or hardware that has been manipulated or installed to introduce security weaknesses that make IoT devices vulnerable to IoT attacks or easy to compromise. The objective of supply chain attacks could be cyberespionage (data theft or compromise) or exploiting the devices to launch sophisticated cyberattacks. The use of poorly designed third-party software or hardware components (such as libraries, drivers, or kernels) that are installed on the devices or are part of other applications or firmware may introduce several vulnerabilities that may eventually be exploited to compromise the devices or use them for further attacks on infrastructures. One of the sources of supply chain vulnerabilities is the use of third-party software and hardware components without properly checking for security vulnerabilities and resolving them before incorporating the components into IoT products. In some instances, IoT device developers copy code from online sources and add it to their programs for IoT devices with the sole purpose of getting the desired functionalities of the device running. Another form of supply chain vulnerability is the implementation of very little or no security mechanism on the IoT devices, either by the IoT device manufacturers or by developers (when deploying the device), making them vulnerable to attacks. One of the major challenges of supply chain attacks is that users are hardly aware of these weaknesses or of how many of the devices in their infrastructure from different manufacturers possess such vulnerabilities.
Outdated firmware: After IoT devices are deployed, some IoT service providers do not update the firmware or software running on the devices for a very long time. Some do not update at all, leaving them with vulnerabilities that may be exploited.
Poor device management strategies and policies: Some IoT devices are deployed without unique identifiers to enable the tracking, monitoring, and management of IoT devices. As a result, some IoT nodes sit on the infrastructure without being properly monitored and managed to ensure that any form of vulnerability can be identified and resolved. If the cybersecurity department is not aware of the presence of some IoT nodes, then it cannot protect them, leaving them vulnerable to attacks. Some IT administrators neglect IoT nodes, do not give them the same security effort they give traditional computing and networking nodes, and do not list them on the inventory of assets that need to be protected; thus, the devices are rarely updated and maintained to ensure that they cannot be compromised or exploited.
Poor security key management protocols: If the cryptographic keys are compromised, the IoT devices become vulnerable to man-in-the-middle attacks and other kinds of attacks that could disrupt the IoT service or compromise the IoT data.
Poor physical hardening of the IoT devices: The fact that IoT nodes are often deployed in outdoor or remote environments makes them physically accessible to criminals who could compromise them. A criminal could physically damage the device, extract information, or manipulate the device such that it is not able to perform its normal functions. For example, an attacker may copy the data stored in the memory of the device and may even replace some components with compromised ones, which could give them remote access to the devices.
Data management vulnerabilities: For large-scale IoT deployments with thousands, tens of thousands, or hundreds of thousands of IoT nodes, the volume of IoT data collected is so huge that traditional data management systems may not be able to handle it securely. That is, the confidentiality and integrity of the data may be compromised due to data storage, processing, and retrieval vulnerabilities in data management systems, which get worse as the number of IoT assets scales.
Standardisation vulnerabilities: Although there are many efforts to ensure proper standardisation in the IoT ecosystem, there are still standardisation and interoperability issues. This makes it difficult to design an integrated security system to protect IoT devices from different manufacturers with diverse vulnerabilities. The excessive diversity of IoT devices from various manufacturers makes it difficult to integrate them into existing security frameworks, resulting in weak IoT security or security being taken for granted, leaving the devices vulnerable to attacks.
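The "Outdated firmware" and "Poor device management strategies and policies" items above both come down to nodes that nobody is tracking. The following added example (not part of the original text) reconciles an asset inventory against the nodes actually seen on the network and flags unlisted nodes, nodes without a unique identifier, and firmware that has not been updated for a long time. The data, field names, finding labels, and the 365-day threshold are all constructed assumptions.

```python
from datetime import date

# Constructed sample data (assumption): the asset inventory kept by the security team.
INVENTORY = {
    "sensor-0001": {"mac": "02:00:00:00:00:01", "firmware_date": date(2024, 11, 2)},
    "sensor-0002": {"mac": "02:00:00:00:00:02", "firmware_date": date(2021, 3, 15)},
    "camera-0001": {"mac": "02:00:00:00:00:03", "firmware_date": date(2025, 1, 20)},
}
# Constructed sample data (assumption): nodes observed on the IoT network segment.
OBSERVED = [
    {"mac": "02:00:00:00:00:01", "device_id": "sensor-0001"},
    {"mac": "02:00:00:00:00:02", "device_id": "sensor-0002"},
    {"mac": "02:00:00:00:00:09", "device_id": None},           # reports no identifier
    {"mac": "02:00:00:00:00:0A", "device_id": "sensor-0001"},  # known ID, unknown hardware
]

def audit(inventory, observed, today, max_firmware_age_days=365):
    """Return sorted (finding, subject) pairs for nodes that escape management."""
    findings = set()
    mac_to_id = {rec["mac"].lower(): dev_id for dev_id, rec in inventory.items()}
    seen_ids = set()
    for node in observed:
        mac = node["mac"].lower()
        claimed = node.get("device_id")
        known_id = mac_to_id.get(mac)
        if known_id is None:
            # On the network but not on the asset list: nobody is protecting it.
            findings.add(("unmanaged_node", mac))
            if not claimed:
                findings.add(("no_unique_identifier", mac))
            elif claimed in inventory:
                # An inventoried identifier reported by hardware we do not know.
                findings.add(("identifier_reused", mac))
            continue
        seen_ids.add(known_id)
        if claimed != known_id:
            findings.add(("identifier_mismatch", mac))
    for dev_id, rec in inventory.items():
        if dev_id not in seen_ids:
            findings.add(("inventoried_but_not_seen", dev_id))
        if (today - rec["firmware_date"]).days > max_firmware_age_days:
            findings.add(("stale_firmware", dev_id))
    return sorted(findings)

if __name__ == "__main__":
    for finding, subject in audit(INVENTORY, OBSERVED, date(2025, 6, 1)):
        print(f"{finding:26} {subject}")
```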