Security threats in IoT
Different types of security attacks in Internet of Things
1. Cloning of Things
Cloning is making the similar physical and behavioral copy of existing thing. Cloning of things in Internet of Things is making the device that holds the exact behaviors of the existing device in the market. By cloning things any manufacturer can make things and include the properties of the things like physical configurations or behaviors. In Internet of Things devices interact with humans as well as other devices to share the information. If the cloned device is programmed to pass the user sensitive information to the untrusted servers, it may cause serious problems to the user. So when ...view middle of the document...
So if an untrusted device is fixed in the home it will not only listen to the messages that are intended to it but also to all the messages. This problem may be reduced by having different routers for the communication. Using different ports for internal and external communications reduces the risk of eavesdropping of messages. Manufacturers should have a protocol to protect the messages being listened by the untrusted devices. To protect customers, manufacturers should have a protocol like cryptography in which the messages are encrypted at the sender side and only the legitimate receiver can decrypt the messages.
Figure 4.1 : Eavesdropping Attack
In the above diagram, attacker listens to the hub that is connected to the servers and device. Device sends its id and password to the hub; attacker listens to the hub and hijacks the id and password of the device.
4. Man in the middle attack
A home appliance device or a wearable device tries to post an update to the server that has requested some information. Devices try to respond back to sender through the same channel it receives the request. The server that requested the information may be impersonating a real server and receives the information. As the loss of information is considered to be the most security threat on the internet the same goes with IoT too if no preventive measures are taken.
Figure 4.2: Man in the Middle Attack
In the above diagram, the original connection between the IoT Device and the webserver is bypassed by an attacker. Attacker behaves like the middle man and can have access to all the packets passing through this connection.
5. Firmware replacement attack
When a device is up and running, it receives a firmware upgrade notification to upgrade to the latest firmware. Usually firmware is upgraded to add new functionality or for bug fixes. If the device receives firmware update from untrusted source in which some malicious functionality has been added. If the device upgrades its firmware without authenticating the server, it may send the usage statistics of the device to the untrusted source.
6. Physical Threats
As the things are not physically protected, keys or the mac ids of the devices can be noted down by someone who examines the device physically. By using the keys, device can be hacked and can be used to block the network.
Figure 4.3: Physical...