Given the severe risk posed by security weaknesses in IoT systems to IoT services and other services in society, including the possibility of causing the loss of human lives or disrupting society, it is crucial to identify and address IoT security vulnerabilities before cybercriminals can exploit them. The proliferation of diverse IoT devices across various sectors in society with very little or no standardisation and regulation has increased IoT vulnerabilities and attack surfaces that cybercriminals can leverage to compromise the data collected using IoT devices and to compromise existing systems. Some of the IoT security vulnerabilities include the following (figure 1):
Embedding of passwords on the IoT devices: To facilitate remote technical support, IoT engineers and developers must remotely access the devices for configuration during deployment and for troubleshooting during the operation and maintenance of IoT networks with many devices. Passwords are therefore embedded on the devices, which makes it easy for cybercriminals to access and exploit IoT devices for malicious purposes.
Lack of authentication: Some IoT manufacturers ship devices without incorporating any authentication mechanism, making the devices vulnerable to unauthorised access by malicious attackers, which violates the confidentiality, privacy, and integrity of IoT data. Attackers may also take over the devices and use them for malicious purposes. Thus, devices without any form of authentication are rugged devices that can be used as an attack surface to conduct advanced attacks on IoT systems and other critical resources.
Weak passwords: To make their devices easy to use, device manufacturers ship devices with default security settings, such as hardcoded passwords that users cannot change or default usernames and passwords, or they provide a simple way of logging into the device. Since the manufacturer's security credentials are easy to guess and never changed, attackers usually exploit them to gain access to the device, compromising the confidentiality and integrity of the data. They can then use the devices for further attacks.
Backdoors: Most IoT manufacturers create hidden access mechanisms called backdoors (user-id/password or open ports) to permit them to support the devices. Attackers often access these backdoors and then exploit them to launch attacks (e.g., botnets and other malware attacks).
Failure to install security patches and updates: Some IoT manufacturers do not provide a simple and effective way to install security patches and updates, making it difficult for IoT service providers to resolve security vulnerabilities before cybercriminals can exploit them. Unlike traditional computer systems, which have mechanisms for continuous installation of security updates and notification of security changes due to updates, IoT devices are simple and lack these features, making them vulnerable to cyberattacks. Also, due to their simple nature, IoT devices are vulnerable to attacks such as unauthorised software and firmware updates. IoT manufacturers do not even release patches or updates for the software on their devices, and attackers exploit this. Even if patches and updates are released, users have difficulties installing them on the device, and most of the vulnerabilities in these devices are never patched.
Poorly protected network services: The wireless communication channel between the IoT device and the access point or gateway is a significant attack surface often used to attack IoT devices. Unencrypted communication channels are one of the network vulnerabilities that result from unprotected network services. Because of energy, cost and processing power constraints, most IoT manufacturers do not implement cryptographic mechanisms to ensure secure communication. This makes it easier for attackers to launch man-in-the-middle attacks on IoT networks. When the communication between the IoT devices and the servers is not protected, confidential data, including authentication credentials, can be compromised and used to launch further attacks, such as DoS/DDoS attacks. Also, there are some unnecessary services, such as unprotected ports, that cybercriminals can exploit. Failure to disable unused ports or protect used ports with a firewall leaves them vulnerable to cybersecurity attacks.
Internet exposure: Some IoT devices are connected directly to the internet without firewalls or any form of security mechanism and are likely to be attacked.
Unprotected interfaces: Some vulnerabilities in IoT systems can be introduced by poorly secured or unprotected interfaces (e.g., web, backend APIs, cloud, fog interfaces), which make IoT devices and other resources vulnerable to cyberattacks. Weak (and sometimes missing) authentication/authorisation and cryptographic mechanisms make the communication through these interfaces vulnerable to cyberattacks, as there is no access control to essential resources, no accountability, and no protection of data and systems from being compromised.
Use of outdated components: Sometimes, IoT device manufacturers cannot resolve hardware or software security vulnerabilities discovered in IoT devices, forcing IoT service providers to keep using the devices without any security improvements to address the known vulnerabilities. These outdated devices with well-known security vulnerabilities become sweet spots for cybercriminals to exploit, compromise, and damage IoT systems and resources.
Supply chain vulnerabilities: The IoT supply chain consists of manufacturers (manufacturers of semiconductor chips, hardware parts, IoT devices, software), distributors, vendors, service providers, and users. Vulnerabilities may be introduced into the IoT devices at any stage of the supply chain. It could be a piece of compromised software or hardware manipulated or installed to introduce security weaknesses that make IoT devices vulnerable to IoT attacks or easy to compromise. The objective of supply chain attacks could be cyberespionage (data theft or compromise) or exploiting the devices to launch sophisticated cyberattacks. Poorly designed third-party software (such as libraries, drivers, kernels or hardware components) installed on the devices or included in other applications or firmware may introduce vulnerabilities that may eventually be exploited to compromise the devices or use them for further attacks on infrastructures. One of the sources of supply chain vulnerabilities is the use of third-party software and hardware components without adequately checking for security vulnerabilities and resolving them before incorporating the components into IoT products. In some instances, IoT device developers copy code from online sources and add it to their programs for IoT devices to get the desired functionality of the device running. Another form of supply chain vulnerability is the implementation of very little or no security mechanism on IoT devices by device manufacturers or developers (when deploying the device), making them vulnerable to attacks. One of the significant challenges of supply chain attacks is that the users are unaware of these weaknesses and of how many devices in their infrastructure from different manufacturers possess such vulnerabilities.
Outdated firmware: After IoT devices are deployed, some IoT service providers do not update the firmware or software running on the devices for a long time. Some do not update at all, leaving them with vulnerabilities that may be exploited.
Poor device management strategies and policies: Some IoT devices are deployed without unique identifiers to enable the tracking, monitoring, and management of IoT devices. As a result, some IoT nodes sit on the infrastructure without being adequately monitored and managed to ensure any vulnerability can be identified and resolved. If the cybersecurity department is unaware of some IoT nodes' presence, they cannot protect them, leaving them vulnerable to attacks. Some IT administrators neglect IoT nodes, do not give them the same security effort they give to traditional computing and networking nodes, and do not list them on the inventory of assets that need to be protected; thus, the devices are rarely updated and maintained to ensure that they cannot be compromised or exploited.
Poor security key management protocols: If the cryptographic keys are compromised, the IoT devices become vulnerable to man-in-the-middle attacks and other attacks that could disrupt the IoT service or compromise the IoT data.
Poor physical hardening of the IoT devices: The fact that IoT nodes are often deployed in outdoor or remote environments makes them physically accessible to criminals who could compromise them. A criminal could physically damage the device, extract information from it, or manipulate it so that it cannot perform its normal functions. For example, an attacker may copy the data stored in the device's memory and may even replace some components with compromised ones, which could give them remote access to the devices.
Data management vulnerabilities: For large-scale IoT deployments with thousands, tens of thousands or hundreds of thousands of IoT nodes, the sheer volume of IoT data collected is so huge that traditional data management systems may be unable to handle it securely. That is, the confidentiality and integrity of the data may be compromised due to data storage, processing, and retrieval vulnerabilities in data management systems, which get worse as the number of IoT assets scales up.
Standardisation vulnerabilities: Although there are many efforts to ensure proper standardisation in the IoT ecosystem, there are still standardisation and interoperability issues. Designing an integrated security system to protect IoT devices from different manufacturers with diverse vulnerabilities is challenging. The diversity of IoT devices from various manufacturers makes integrating IoT devices into existing security frameworks difficult, resulting in weak IoT security or security being taken for granted, leaving the devices vulnerable to attacks.
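The items on security patches and outdated firmware above mention unauthorised software and firmware updates. The following added example (not from the original text) sketches how a device can refuse an update image that is not authentic or that is older than the installed version. The image layout, the names `build_image` and `verify_update`, and the sample key are assumptions made for this illustration, and HMAC-SHA256 with a shared key stands in for the asymmetric signature a real product would normally use.

```python
import hashlib
import hmac
import struct

MAGIC = b"FWU1"                    # hypothetical image format for this example
HEADER = struct.Struct(">4sII")    # magic, version, payload length (big-endian)
TAG_LEN = hashlib.sha256().digest_size

class UpdateRejected(Exception):
    """Raised when an update image must not be installed."""

def build_image(key: bytes, version: int, payload: bytes) -> bytes:
    """Vendor side: package a payload and authenticate header + payload."""
    body = HEADER.pack(MAGIC, version, len(payload)) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()

def verify_update(image: bytes, key: bytes, installed_version: int) -> bytes:
    """Device side: return the payload only if the image is authentic and newer."""
    if len(image) < HEADER.size + TAG_LEN:
        raise UpdateRejected("truncated image")
    body, tag = image[:-TAG_LEN], image[-TAG_LEN:]
    # Authenticate first, so no header field is trusted before the tag checks out.
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):      # constant-time comparison
        raise UpdateRejected("authentication tag mismatch")
    magic, version, length = HEADER.unpack_from(body)
    if magic != MAGIC or length != len(body) - HEADER.size:
        raise UpdateRejected("malformed header")
    # Anti-rollback: an authentic but old image would reintroduce patched flaws.
    if version <= installed_version:
        raise UpdateRejected("rollback or replay of an old version")
    return body[HEADER.size:]

def check(image: bytes, key: bytes, installed: int) -> str:
    """Map the outcome of verify_update to a short string for the demo."""
    try:
        verify_update(image, key, installed)
        return "accepted"
    except UpdateRejected as exc:
        return str(exc)

if __name__ == "__main__":
    KEY = b"constructed-demo-key-not-for-use"       # constructed sample key
    good = build_image(KEY, 7, b"firmware v7 payload")
    tampered = good[:20] + b"X" + good[21:]         # one payload byte altered
    for name, img, installed in [("new", good, 6), ("tampered", tampered, 6),
                                 ("old", good, 7)]:
        print(name, "->", check(img, KEY, installed))
```

With a shared key, anyone who extracts the key from one device can forge updates, which is why the physical hardening and key management items above matter for the update path as well.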