In the following article, I will be going over all things IoT:
- What is IoT?
- How do IoT devices work?
- Importance of securing IoT
- Most Common Attack Vectors
- Best Practices
What is IoT?
IoT, or the Internet of Things, refers to a network of interconnected devices, ranging from laptops, smartphones and wearables to sensors and more.
As the name suggests, IoT devices are typically interconnected through the Internet or wireless protocols such as Bluetooth, Wi-Fi and LTE/5G, among others. IoT devices are equipped with sensors that let them interact with the physical world, be it the heart-rate sensor in a smartwatch or the AI-powered cameras that allow Tesla vehicles to drive themselves.
The communication between IoT devices is in most cases seamless and automatic, which people often take for granted as something that “just works”. In reality there is a lot going on behind the scenes, which we will get into in the next section.
IoT makes our lives much easier in many cases, but it also introduces concerning problems that need to be tackled before they get out of hand. The benefits and the concerns include:
- Accessibility: Data gathered from IoT devices is accessible from the cloud, which makes integration much easier.
- Automation: The automation of tasks relegated to IoT devices enables humans to focus on other pertinent matters.
- QoL: Improvements in Quality of Life, with the advent of fitness trackers, home security systems, car sensors that improve road safety and many others.
- Cost-Effective: IoT devices can aid in reducing costs of various services, by returning data that allow us to fine-tune systems and infrastructure.
- Privacy: The prevalence of IoT devices is a concern for many, given the data being collected about anything and everything.
- Security: Insecure IoT devices can fall victim to cyberattacks, with consequences ranging from mildly inconvenient to life-threatening.
- Dependencies: Since IoT devices are by and large reliant on Internet connectivity for cloud communication, measures must be taken to account for loss of connection.
- Environmental: The exponential production of IoT devices contributes to electronic waste, which necessitates proper waste management.
How do they work?
IoT devices generally communicate with each other and with the Internet using one of four models: Request-Response, Publish-Subscribe, Push-Pull and the Exclusive Pair model.
Request-Response: Also known as the client-server architecture, this is a stateless model in which the client sends an encoded request to a server; the server retrieves the relevant data and sends it back to the client in encoded form.
Publish-Subscribe: This communication model involves three parties: a Publisher, a Broker and a Subscriber.
The Publisher is the entity that gathers data and pushes it to the Broker, which is an intermediary server. The Broker holds various Topics, to which Subscribers are, well, subscribed. When the Publisher pushes data, the Broker automatically forwards the relevant data to the Subscribers of the pertinent topics, as demonstrated in the screenshot.
Push-Pull: Two primary parties are involved in this model, the Data Producer and the Data Consumer. Data Producers push data into Queues, which act as a buffer between the Data Producer and the Data Consumer, and the Data Consumer retrieves data from the Queue.
A Queue behaves like a buffer in the sense that, in the event of a mismatch between push and pull rates, the Data Consumer is not overwhelmed with data; rather, it can retrieve data according to its own pull rate.
Exclusive Pair: The Exclusive Pair model is most reminiscent of a typical TCP connection: a stable connection is established, communication is conducted, and the channel is then explicitly closed.
Unlike the Request-Response model, this model is stateful: the server keeps track of previous communications and keeps those requests in context.
Protocols Employed by IoT Devices
MQTT (Message Queuing Telemetry Transport) is a lightweight protocol designed specifically for IoT devices.
It utilizes the Publish-Subscribe communication model described earlier.
MQTT uses port 1883 for unencrypted communications, and port 8883 for communications over TLS/SSL.
One of the primary advantages of this protocol is its flexibility. It provides three levels of Quality of Service (QoS), which is an agreement between the client and the server as to how a message is delivered:
QoS 0: At most once
QoS 1: At least once
QoS 2: Exactly once
At QoS 0, the sender sends a message and there is no acknowledgement from the receiver.
At QoS 1, the sender sends a message and will re-send it until it receives confirmation that it has been received.
At QoS 2, a sequence of handshakes is conducted before any message is sent, to ensure the viability of the connection and that no message will need to be sent again.
Additionally, the protocol’s communication is asynchronous, meaning that messages can be exchanged independently of the various entities in play.
The protocol employs a Keep-Alive mechanism between subscriber and broker: the subscriber sends a PINGREQ to the broker, and if the broker is still active it sends back a PINGRESP. If the broker does not respond, the connection is terminated.
The flexibility of MQTT makes it a prime choice for many low-bandwidth IoT devices that don’t necessarily need guarantees that every message reaches its destination.
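To make the QoS levels and the keep-alive exchange concrete, here is an added example (not code from the article) that builds and decodes MQTT 3.1.1 PUBLISH, PINGREQ and PINGRESP packets; the topic names and payloads are constructed. It shows that the QoS level lives in two flag bits of the first byte, that a packet identifier only appears for QoS 1 and 2, and that the keep-alive packets carry no body at all, which is exactly what a passive monitor of plaintext port 1883 traffic has to parse.

```python
import struct

PUBLISH, PINGREQ, PINGRESP = 3, 12, 13  # control packet types in the top nibble of byte 0

def encode_remaining_length(n: int) -> bytes:
    # MQTT variable-length integer: 7 data bits per byte, high bit means "more follows"
    out = bytearray()
    while True:
        n, byte = divmod(n, 128)
        out.append(byte | 0x80 if n else byte)
        if not n:
            return bytes(out)

def decode_remaining_length(buf: bytes, pos: int):
    value = 0
    for i in range(4):  # the spec allows at most four bytes
        b = buf[pos + i]
        value |= (b & 0x7F) << (7 * i)
        if not b & 0x80:
            return value, pos + i + 1
    raise ValueError("malformed remaining length")

def encode_publish(topic: str, payload: bytes, qos: int = 0, packet_id: int = 0) -> bytes:
    # A packet identifier is present only for QoS 1 and 2; it is what PUBACK/PUBREC refer to
    if qos not in (0, 1, 2) or (qos and not packet_id):
        raise ValueError("QoS must be 0-2, and QoS 1/2 needs a non-zero packet identifier")
    name = topic.encode("utf-8")
    body = struct.pack("!H", len(name)) + name + (struct.pack("!H", packet_id) if qos else b"") + payload
    fixed_header = bytes([(PUBLISH << 4) | (qos << 1)])  # DUP and RETAIN flags left clear
    return fixed_header + encode_remaining_length(len(body)) + body

def decode_packet(buf: bytes) -> dict:
    # Decodes PUBLISH, PINGREQ and PINGRESP, as a passive monitor of port 1883 traffic might
    ptype, flags = buf[0] >> 4, buf[0] & 0x0F
    length, pos = decode_remaining_length(buf, 1)
    end = pos + length
    if ptype in (PINGREQ, PINGRESP):  # keep-alive packets carry no body at all
        return {"type": "PINGREQ" if ptype == PINGREQ else "PINGRESP"}
    if ptype != PUBLISH:
        raise ValueError(f"packet type {ptype} is not handled in this example")
    qos = (flags >> 1) & 0x03
    if qos == 3:  # reserved value; a broker that receives it must close the connection
        raise ValueError("malformed PUBLISH: QoS 3")
    tlen = struct.unpack("!H", buf[pos:pos + 2])[0]
    topic, pos = buf[pos + 2:pos + 2 + tlen].decode("utf-8"), pos + 2 + tlen
    packet_id = struct.unpack("!H", buf[pos:pos + 2])[0] if qos else None
    pos += 2 if qos else 0
    return {"type": "PUBLISH", "qos": qos, "dup": bool(flags & 0x08), "retain": bool(flags & 0x01),
            "topic": topic, "packet_id": packet_id, "payload": buf[pos:end]}
```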
While HTTP is best known for enabling communication over the Internet, it plays an integral part in IoT communications as well.
Unlike MQTT, HTTP uses the Request-Response communication model, which is stateless.
IoT devices typically use HTTP to communicate with RESTful APIs, with requests addressed to specific endpoints in the form of URIs.
Due to the nature of the protocol, communication is synchronous, meaning the client only receives responses to requests it has itself made.
HTTP is not as efficient as MQTT in various respects, including the number of bytes per message, response times and its synchronous nature.
The advantages of HTTP over MQTT lie in the prevalence of HTTP support, the likelihood that an HTTP client already exists on an IoT device, support for web services, and the initial cost of setting up MQTT.
CoAP (Constrained Application Protocol) is designed for low-power IoT devices and is capable of interacting with web servers and RESTful APIs using common HTTP methods such as GET, POST, PUT and DELETE.
While MQTT and HTTP run over TCP/IP, CoAP uses UDP and DTLS, which is TLS adapted to secure UDP traffic.
The communication models used by CoAP are either Request-Response or Publish/Subscribe.
Like MQTT, it has three Quality of Service levels:
Non-Confirmable (NON): The message is sent without concern as to whether it arrived.
Confirmable (CON): The receiver sends an acknowledgement to the sender.
Piggybacked Acknowledgement (ACK): The acknowledgement is embedded in the response, saving overhead.
The strengths of CoAP come into play when it is embedded in devices that require lower-power transmissions, while retaining the ability to communicate through the ever-prevalent HTTP methods.
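The three delivery modes above are carried in the two-bit type field of the CoAP header. The following added example (not code from the article) builds and parses the 4-byte header from RFC 7252 and reports which mode a message uses; the request/response pair it constructs is a sample, with the message ID and token chosen arbitrarily.

```python
import struct

TYPES = {0: "CON", 1: "NON", 2: "ACK", 3: "RST"}  # the 2-bit T field of byte 0
GET, CONTENT = 0x01, 0x45  # method code 0.01 and response code 2.05 (class.detail)

def build_coap(mtype: int, code: int, message_id: int, token: bytes = b"") -> bytes:
    # Header: Ver=1 (2 bits), T (2 bits), TKL (4 bits), Code (8 bits), Message ID (16 bits), then the token
    return bytes([(1 << 6) | (mtype << 4) | len(token), code]) + struct.pack("!H", message_id) + token

def parse_coap_header(msg: bytes) -> dict:
    if len(msg) < 4:
        raise ValueError("truncated: a CoAP header is at least 4 bytes")
    b0, code = msg[0], msg[1]
    ver, mtype, tkl = b0 >> 6, (b0 >> 4) & 0x03, b0 & 0x0F
    if ver != 1:
        raise ValueError("unsupported CoAP version")
    if tkl > 8:  # token lengths 9-15 are reserved; RFC 7252 says such a message must be rejected
        raise ValueError("invalid token length")
    return {"type": TYPES[mtype],
            "code": f"{code >> 5}.{code & 0x1F:02d}",  # e.g. 0.01 = GET, 2.05 = Content
            "message_id": struct.unpack("!H", msg[2:4])[0],
            "token": msg[4:4 + tkl]}

def classify(msg: bytes) -> str:
    # Map the type field onto the three delivery modes described in the text
    h = parse_coap_header(msg)
    if h["type"] == "NON":
        return "non-confirmable: sender expects no acknowledgement"
    if h["type"] == "CON":
        return f"confirmable: receiver must acknowledge message id {h['message_id']}"
    if h["type"] == "ACK":
        if h["code"] == "0.00":
            return "empty ACK: the response will follow in a separate message"
        return f"piggybacked response {h['code']} inside the ACK"
    return "reset: receiver could not process the message"

# Constructed exchange: a confirmable GET and the server's piggybacked 2.05 Content reply.
# The ACK echoes the request's message ID (and the token, so the client can match the response).
REQUEST = build_coap(0, GET, 0x1234, b"\xab\xcd")
RESPONSE = build_coap(2, CONTENT, 0x1234, b"\xab\xcd")
```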
There are many more protocols used by IoT devices; those mentioned are just a few of the most prevalent.
Importance of Securing IoT Devices
IoT devices are only becoming more common. In 2023 the number of IoT devices sits at around 19.8 billion, with a whopping 30 billion projected by 2027.
Slowly but surely, IoT is taking over mundane day-to-day tasks, and consequently we become more and more reliant upon it.
Securing IoT devices is therefore paramount, given that they govern a shocking amount of sensitive data, the compromise of which can at times be deadly.
Most Common Attack Vectors
IoT cyberattacks come in all shapes and sizes; while some are very similar to the attack vectors we are already familiar with, others are unique to the field of IoT.
- Weak Encryption: IoT devices are seldom powerhouses of technological prowess. Very often they are low-powered and attempt to conserve as much energy as possible, which leads manufacturers to leave out security measures such as secure protocols and encryption. This lack of secure transmission can lead to sniffing and MITM (Man-in-the-Middle) attacks, which at best expose unencrypted traffic and at worst end in loss of human life, depending on the IoT device in question.
- Outdated Firmware: Malicious actors and defenders are locked in a constant, never-ending battle. Manufacturers issue updates for firmware found to be vulnerable, and keeping devices up to date is vital for their security.
- Physical Hacking: Oftentimes IoT devices are left unattended in open places. Given the opportunity, malicious hackers may physically disassemble a device to decipher its inner workings and plan accordingly, or add their own equipment to the device to relay traffic back to the attacker.
- Firmware Spoofing: Malicious actors can combine software manipulation and social engineering to craft a faulty firmware image specific to an IoT device and convince its owner to install it, either by constructing a website that mimics the manufacturer’s or through good old e-mail phishing.
- Signal Spoofing: For IoT devices dependent on wireless signals such as Wi-Fi, Bluetooth, NFC or Zigbee, malicious actors can exploit vulnerabilities by using devices such as the Flipper to capture the back-and-forth communication and crack the encryption offline. Another possibility is the attacker replaying signals it has determined to be valid to the relevant device, eliciting reactions that may result in information disclosure.
Best Practices
There are numerous steps one can take to protect oneself from malicious actors in the realm of IoT. The chief ones are:
- Changing default credentials. Oftentimes IoT devices arrive from the manufacturer with default credentials, and once the device is configured to the user’s needs these are forgotten. Keeping default manufacturer credentials such as “admin” and “password” is the cause of numerous break-ins and takeovers.
- Regularly updating the device’s firmware is paramount. New ways to attack software are invented every day, and firmware updates are the manufacturer’s way of preventing them from succeeding.
- Segmentation: Introducing a new device onto an insecure network puts the new IoT device at risk. Keeping vulnerable and old devices isolated from the network that sensitive IoT devices use is strongly recommended.
- Disabling the UPnP service. UPnP is a set of protocols that enable communication between entities on a network, and it is very insecure.
- Implementation of Zero Trust: Not all IoT devices are created equal. Some are more useful than others, while some are crucial. Keeping devices on a need-to-know basis and blocking information they do not need to access is best practice, as it limits hackers’ ability to breach a network in the event that they compromise a non-crucial device.