Six kinds of attack surfaces of Internet of Things devices and their responses

According to Gartner's latest report, nearly 20% of organizations have observed at least one IoT- based attack in the past three years. In response to these threats, Gartner predicts that global IoT security spending will reach $1.5 billion in 2018, an increase of 28% from $1.2 billion in 2017.

For the security of IoT devices, it is necessary to increase the cost of hackers attacking IoT devices and reduce the security risks of IoT devices. We will conduct security assessment analysis from six attack-facing devices and provide countermeasures.

Attack surface 1: hardware interface

The storage medium, authentication method, encryption means, communication method, data interface, peripheral interface, debugging interface, and human-computer interaction interface of the Internet of Things terminal device can all become attack surfaces. Many vendors have retained hardware debugging interfaces in IoT products. For example, you can control the running state of the CPU, read and write memory contents, debug the JTAG interface of the system code, and view the serial port of the system information and application debugging. These two interface access devices generally have higher system privileges, causing major security risks. In addition to this, there are I2C, SPI, USB, sensors, HMI, and so on. There are also various internal, external, persistent and volatile storage related to the use of hardware devices, such as SD card, USB carrier, EPROM, EEPROM, FLASH, SRAM, DRAM, MCU memory, etc., which may become hardware attack surfaces.

Countermeasures: IoT devices need to consider security at the beginning of design, ensuring that attackers cannot obtain and tamper with related resources. At present, Arm is learning from the successful implementation of TEE in the trusted execution environment of mobile terminals, and transplants TrustZone technology to Cortex-M series. In the chip platform, this is a security consideration from the chip level to ensure device security from the source.

Attack surface 2: brute force

At present, most IoT terminals are single CPU + sensor architecture + communication modules, and most software designs only emphasize the level function. But we say that boot security and root key security are the foundation of all device security. All business logic and device behavior are based on these two security functions. Hackers are very likely to brute force the device, obtain device information, communication data, and even Replace the remote device image and disguise it as a qualified terminal.

Response: Security boot and root key security can be guaranteed by using the security chip SE. This is also the most effective way to solve the Internet of Things security and form a secure and compliant IoT terminal at the technical level.

Attack surface three: software defects

Software defects are mainly manifested in software bugs, system vulnerabilities, weak passwords, information leaks, and so on.

For example, most IoT devices currently use embedded Linux systems. Attackers can exploit system vulnerabilities through various unrepaired vulnerabilities to obtain authentication passwords for system-related services.

For example, the appearance of weak passwords is generally caused by the built-in or poor user password setting habits. In this era of mobile Internet is the same reason.

For example, most IoT device vendors do not pay attention to information security, and the leaked information greatly facilitates the attacker's attack on the target. For example, when testing the security of a camera of a certain manufacturer, it is found that the hardware model, hardware version number, software version number, system type, logged-in user name and encrypted password, and password generation algorithm can be obtained. The attacker can obtain the plaintext password through brute force.

For example, developers lack security coding capabilities and do not strictly filter and validate input parameters, resulting in remote code execution or command injection when calling dangerous functions.

Countermeasures: Software defects, on the one hand, need to strengthen the security development process in the product development process, on the other hand, the security management process. The product development process needs to follow the security coding specification to reduce the vulnerability and reduce the potential risks. The IoT device needs to access the Internet of Things in a globally unique identity. The connection between the devices requires trusted authentication, ensuring in the IoT device. There is no backdoor command or backdoor code. For user authentication, it needs to be designed to be set by the user and configure a strong password policy when configuring and using the device for the first time. Remove the debug version code in the release version, remove the JTAG interface and COM port, and close unsafe services such as SSH, telnet, etc.

Attack surface four: management defects

The problem caused by management defects is the biggest and most unpredictable problem of security. Although it is reflected in the technology, such as weak passwords, such as debugging interfaces, such as device LOG information leakage, etc., but without exception, it is caused by security development management defects.

For example, when designing a product, it does not take into account authorization authentication or permission management for certain paths. Anyone can obtain device control rights with the highest system privileges.

For example, developers may hardcode some specific account authentication into the code for debugging purposes. These accounts are not removed after shipping. As long as the attacker obtains these hard-coded information, he or she can gain control of the device.

For example, the developer has defects in the user authentication algorithm or implementation process originally designed. For example, a camera has a URL path that does not require permission to set the session. The attacker only needs to set the Username field to admin and then enter the login authentication page. The system is found to require no authentication and is directly admin.

Countermeasures: Information network security needs to be carried out in various processes of the product, including company management processes, professional product safety testing before equipment is listed, and reducing the security risks of IoT equipment.

Attack surface five: communication method

The communication interface allows the device to communicate with devices such as the sensor network, the cloud backend, and the mobile device APP. The attack surface may be the firmware or driver code implemented by the underlying communication.

For example, a man-in-the-middle attack generally has two modes of bypass and serial connection. The attacker is in the middle of the link between the two ends of the communication, and acts as a data exchange role. The attacker can obtain the user authentication information and the device control information through the intermediary, and then use the playback. The mode or wireless relay mode obtains control of the device. For example, by decrypting HTTPS data through a man-in-the-middle attack, a lot of sensitive information can be obtained.

For example, wireless network communication interfaces have some known security issues. From an attack point of view, attacks or even physical damage, DOS, security verification bypass, or code execution can be formed on the wireless chip.

For example, Ethernet device interfaces such as the wifi interface have some underlying TCP/IP communication vulnerabilities, hardware implementation vulnerabilities, and other attack vectors.

For example, wireless communication (and BLE), ZigBee, Zwave, NFC, RFID , LoRA, Wireless HART, and so on.

Response measures: There are many kinds of IoT terminal devices, specific application scenarios are abundant, communication methods are various, and in the process of constant change, this is the weakest and most difficult problem for IoT security. Security mechanisms can be built in to increase the difficulty of exploiting. Manufacturers can push updates to users through incremental patching. Users need to update firmware in time.

Attack surface 6: cloud attack

In recent years, IoT devices have been gradually managed in the cloud. Attackers can exploit the cloud provider vulnerability, the vulnerability on the mobile terminal APP, and analyze the communication data of the device and the cloud to forge data for replay attacks to obtain device control. .

Response: It is recommended to deploy the overall security solution provided by the vendor. For example, the current IFAA technology solution can be used for secure identity authentication and data security if it is applied to the Internet of Things. Another example is the ICA Alliance led by Ali, which has also done some useful work in this regard.