2. IOT components
- Sensors allow IoT devices to provide a reading from the physical world such as room temperature or motion sensors.
- Actuators allow to control a physical component such as moving an object on the device or unlocking the door.
- Network Communication to send and receive data from other devices and systems. This also includes application programming interface (API) that allows interaction with other programs or devices.
- User Interface provides a mechanism for the end user to interact with the device such as voice control or touch screens.
- Management Interface that can be used to configure the device and modify the settings including security settings.
3. IOT risks
- IoT devices interact with the physical world which makes protecting these devices more important. A compromised device may allow remote monitoring through security cameras or changing the room temperature for instance.
- IoT devices come in much larger numbers compared to normal IT systems which makes scalability an issue for normal processes such as asset management. In addition, IoT devices come in various types and from diverse vendors with each device having different protocols and requirements .
- Another important factor to consider is that many IoT devices cannot be centrally managed and configured. Some devices are treated as black boxes and do not provide the status of their software or firmware level so it would be difficult to follow normal vulnerability management practices.
- IoT devices have much lower memory and computational capabilities compared to normal IT systems. Therefore, it would be difficult to employ standard IT security solutions which normally require high computational power such as encryption services.
- Application: some attacks target the application that is used to interact with the IoT device. These applications are used to access and configure the IoT device and gaining access to these applications presents a significant risk.
- Hardware: since IoT devices are designed to be located in public areas, attackers can gain physical access relatively easily. Therefore, hardware attacks are an important vector to consider.
- Network: IoT devices are prone to typical network attacks. Eavesdropping attacks can be a real threat considering that a lot of IoT vendors may use weak encryption ciphers for communication or no encryption at all due to limited computing resources on the IoT device.
- Platform: A lot of IoT devices communicate through a platform such as cloud. This opens an indirect attack channel.