Internet-scale Insecurity of Consumer Internet of Things

Mangino, Antonio; Pour, Morteza Safaei; Bou‐Harb, Elias

doi:10.1145/3394504

Cited by 23 publications

(28 citation statements)

References 37 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…It allows shifting the paradigm "from the Internet of Things (IoT) to Internet of Intelligence (IoI)" to provide connectivity, while maintaining the ability to process knowledge and make decisions autonomously [47]. It aims to develop a novel methodology for fingerprinting IoT devices by building data-driven techniques rooted in machine learning methods, which allows unveiling compromised IP addresses throughout diverse geographical areas [5]. Moreover, and since there is a lack of effective IoT cyber risk management frameworks [69], of effective sensor networks [70], it raises the issue of a distributed denial of service (DDoS) in terms of classifications and opportunities for attacks, particularly in the health sector, in areas of limited security [22], while examining the changing legal environment in a IoT regulatory context [48].…”

Section: The Internet Of Things (Iot)mentioning

confidence: 99%

“…The IoT is a system where the Internet is linked to the physical world through sensors [2]. It can be deemed as the management of a network of devices, home appliances, and vehicles of the IoT, and is challenging due to the dynamic nature of the linkage between devices, actors, and resource constraints [3,4] involving hardware, software, sensors, and connectivity that allows them to connect, gather, and exchange data [5]. At the core of the IoT is the "smart factory", which comprehends several different elements: person, process, intelligent object, and technological ecosystem [6].…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Cybersecurity in the Internet of Things in Industrial Management

Raimundo

Rosário

2022

Applied Sciences

View full text Add to dashboard Cite

Nowadays, people live amidst the smart home domain, while there are business opportunities in industrial smart cities and healthcare. However, there are concerns about security. Security is central for IoT systems to protect sensitive data and infrastructure, whilst security issues have become increasingly expensive, in particular in Industrial Internet of Things (IIoT) domains. Nonetheless, there are some key challenges for dealing with those security issues in IoT domains: Applications operate in distributed environments such as Blockchain, varied smart objects are used, and sensors are limited, as far as machine resources are concerned. In this way, traditional security does not fit in IoT systems. The issue of cybersecurity has become paramount to the Internet of Things (IoT) and the Industrial Internet of Things (IIoT) in mitigating cybersecurity risk for organizations and end users. New cybersecurity technologies/applications present improvements for IoT security management. Nevertheless, there is a gap in the effectiveness of IoT cyber risk solutions. This review article discusses the literature trends around opportunities and threats in cybersecurity for IIoT, by reviewing 70 key articles discovered from a profound Scopus literature survey. It aims to present the current debate around the issue of IIoT rather than suggesting any particular technical solutions to solve network security problems.

show abstract

Section: The Internet Of Things (Iot)mentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Cybersecurity in the Internet of Things in Industrial Management

Raimundo

Rosário

2022

Applied Sciences

View full text Add to dashboard Cite

show abstract

“…Finally, others, propose solutions to new wireless challenges such as the 6G, shifting the paradigm "from Internet of Things (IoT) to Internet of Intelligence (IoI)", to provide connectivity, while mantaining the ability to process knowledge and make de-cisions autonomously [47]. Developing thus a novel methodology for fingerprinting IoT devices, by building data-driven techniques rooted in machine learning methods, which allows to unveil compromised IP addresses throughout diverse geographical areas [5]. Also it focus on the issue of distributed denial of service (DDoS) scope, in terms of classifications and opportunities for attacks, particularly in the health sector, of limited security [22], while examining the changing legal environment in the IoT regulatory context [48]; 4.4.…”

Section: Internet Of Things (Iot)mentioning

confidence: 99%

“…However, IoT is fragile in terms of many security is-sues that are frequently highly demanding due to its complex context and a vast num-ber of tools, which present flaws in terms of resources [1]. IoT is a system where the Internet is linked to the physical world through sensors [2] and can be deemed as the management of a network of devices, home appliances and vehicles of the IoT that is challenging due to the dynamic nature of the linkage between devices, actors and re-source constraints [3,4] involving hardware, software, sensors, and connectivity which allows them to connect, gather and exchange data [5]. Central for for IoT is the "smart factory", in which comprehends diverse elements: person, process, intelligent object and technological ecosystem [6].…”

Section: Introductionmentioning

confidence: 99%

Cybersecurity in the Internet of Things in Industrial Management

Raimundo¹,

Rosário²

2021

Preprint

View full text Add to dashboard Cite

Nowadays, people live amidst the smart home domain, business opportunities in the industrial smart city and health care, though, along with concerns about security. Security is central for IoT systems to protect sensitive data and infrastructure, whilst security issues become increasingly expensive, in particular in Industrial Internet of Things (IIoT) domains. Nonetheless, there are some key challenges for dealing with those security issues in IoT domains: Applications operate in distributed environments such as Blockchain, varied smart objects are used, and sensors are limited in what comes to machine resources. In this way, traditional security does not fit in IoT systems. In this vein, the issue of cyber security has become paramount to the Internet of Things (IoT) and Industrial Internet of Things (IIoT) in mitigating cyber security risk for organizations and end users. New cyber security technologies / applications present improvements for IoT security management. Nevertheless, there is a gap on the effectiveness of IoT cyber risk solutions. This review article discusses the, trends around opportunities and threats in cyber security for IIoT.

show abstract

“…In addition, Internet measurements have been utilized to find insecurely configured embedded devices [10], detect compromised IoT devices [42,46,58], and study cloud usage as well as communication security of IoT devices [54]. Motivated by these observations, we set out to study whether modern Internet-facing industrial appliances that use the OPC UA protocol capitalize on the promised increases in security.…”

Section: Related Workmentioning

confidence: 99%

Easing the Conscience with OPC UA

Dahlmanns

Lohmöller

Fink

et al. 2020

Proceedings of the ACM Internet Measurement Conference

View full text Add to dashboard Cite

Due to increasing digitalization, formerly isolated industrial networks, e.g., for factory and process automation, move closer and closer to the Internet, mandating secure communication. However, securely setting up OPC UA, the prime candidate for secure industrial communication, is challenging due to a large variety of insecure options. To study whether Internet-facing OPC UA appliances are configured securely, we actively scan the IPv4 address space for publicly reachable OPC UA systems and assess the security of their configurations. We observe problematic security configurations such as missing access control (on 24% of hosts), disabled security functionality (24%), or use of deprecated cryptographic primitives (25%) on in total 92% of the reachable deployments. Furthermore, we discover several hundred devices in multiple autonomous systems sharing the same security certificate, opening the door for impersonation attacks. Overall, in this paper, we highlight commonly found security misconfigurations and underline the importance of appropriate configuration for security-featuring protocols.

show abstract

Internet-scale Insecurity of Consumer Internet of Things

Cited by 23 publications

References 37 publications

Cybersecurity in the Internet of Things in Industrial Management

Cybersecurity in the Internet of Things in Industrial Management

Cybersecurity in the Internet of Things in Industrial Management

Easing the Conscience with OPC UA

Contact Info

Product

Resources

About