Whether you want to switch on the lights at home while you are at the office, or lock or unlock a door, preheat the oven, turn on a fan, or turn off a TV, IoT allows you to do it all remotely with just a few clicks on your smartphone.
With Internet of Things (IoT), just about anything can be connected to the internet: baby’s diapers, clothing, vehicles and, of course, homes, and even pets and crops.
As exciting the prospects that IoT brings, every connected device you own becomes an IoT security threat.
The more your smartphone is capable of, the more personal information will be stored, and this makes your smartphone and anything connected to it vulnerable to various types of attacks.
76% Of risk professionals say that cyber attacks on their organisations are most likely to be executed through IoT. (Source)
IoT security aims to protect IoT devices and networks against cybercrime.
IoT security challenges faced by telecoms
IoT offers a huge amount of opportunity for telecoms, such as enhancing offerings and increasing market growth. But with the increased number of enabled devices accessing the core network, operators will need to plan for the worst, putting in preventative measures to stop the worst possible scenarios.
The consequences of an attack can have serious repercussions, not only for the customer but also for the operator, as any connected device hijack can be a potential entry point to the network for an attack.
Examples of IoT threats for telecoms
Man in the middle: hacker attempts to interrupt and confuse communications between two different systems which can result in severe consequences as the hacker secretly intercepts and sends messages between the two parties who believe they are communicating directly with each other.
Denial of Service: a large number of systems maliciously attack one target. Denial of Service doesn’t usually attempt to steal information, nor does it lead to security loss. Instead, it’s the loss of reputation that may cost a lot of time and money, and subscribers may also fear further security issues which make them switch to a competitor.
Remote recording: cybercriminals record conversations of connected users. For example, a hacker attacks a smart camera and records video footage of activities in the organisation in order to secretly acquire confidential business information.
To prevent issues such as these, it’s essential that access to IoT devices should be through a controlled and secure environment that first authenticates and authorises the user or the application before allowing access to the network core.
Industries most vulnerable to IoT security attacks
While medium-sized companies are embracing the Internet of Things devices, for the most part, they don’t always implement the right security measures to protect their data. According to a study, one in eight mid-sized businesses have been the victim of an IoT cyber attack.
The following industries are most susceptible:
- Industrial plants: a German steel mill was attacked by criminals using a combination of spear phishing and social engineering to access the company’s office network. From there, they accessed the production system and took over industrial control components in the plant.
- Cars: the most dangerous part for cars is the connected part. A few sophisticated, high-tech thieves use laptops to steal cars, but the threats can be even more ominous if a malicious criminal gains access to controlling a person’s vehicle.
- Video cameras: wireless networks that transfer video signals can be insecure. Video cameras, as well as other IoT devices can be used to create botnets to send spam and ransomware, launch DDoS attacks, and commit other malicious behaviour.
Read more about the industries that are most at risk of IoT hacks.
Protecting IoT devices and systems
Telecom operators must ensure that any connection from the IoT device to the core network over S1 and Gb interfaces is wholly authenticated, and to do this, they will need to invest in and revisit the capabilities of their GTP and SCTP protocols, so that they can handle the hundreds of connections into the core network.
Together with a highly reliable SCTP protocol, telecom operators should implement a DTLS module.
More organisational IoT security tips here.
With any IoT deployment, it is critical to weigh the cost of security against the risks prior to implementation.
IoT offers a wealth of opportunities for telecom operators, but if it’s not going to end up being a short-lived fad, security must be taken very seriously.
Attacks on networks can cause great destruction to the end-user whose devices and life may even be at risk, and also for operators, who can have their reputation shattered in seconds if vulnerabilities are exposed and publicised.
Now is definitely the time to construct foundations to get ready for peak IoT and secure their future.