Internet of Things Devices
Designing and securing IoT systems such as Supervisory Control and Data Acquisition (SCADA), Industrial Internet of Things (IIoT) and Industrial Control Systems (ICS) can be extremely complex. IoT solutions have challenging integration requirements, and their growth is expanding beyond the support capability of traditional IT stakeholders. In many cases, IoT environments span a large range of components, including sensors, gateways, network connectivity, applications and cloud infrastructure.
IoT Protocols
Some of the most common protocols for IoT implementations are:
Wi-Fi
Bluetooth and Bluetooth Low Energy (BLE)
Zigbee
Z-Wave
LoRaWAN
Insteon
Modbus
Siemens S7comm (S7 Communication)
BLE is used by home devices and by medical, industrial and government equipment. BLE traffic can be analysed with specialised antennas and equipment. BLE establishes a secured connection in three phases:
Pairing Feature Exchange
Short-Term Key Generation
Transport-Specific Key Distribution
BLE supports AES for encryption and uses a key distribution exchange to share different keys among BLE-enabled devices.
IoT Security Special Considerations
Fragile Environments: Many IoT devices have limited compute resources; because of this, features like encryption may not even be supported.
Availability Concern: DoS against IoT is a major concern.
Data Corruption: IoT protocols are susceptible to input validation vulnerabilities.
Data Exfiltration: IoT devices can be manipulated by an attacker and used for sensitive data exfiltration.
Common IoT Vulnerabilities
Insecure Defaults: default credentials/insecure default configurations are often concerns with IoT devices.
Plaintext Communication and Data Leakage: Many IoT devices fail to implement encrypted communications, allowing attackers to potentially steal sensitive information.
Hard-Coded Communications: IoT vendors often sell products with hard-coded configurations or credentials.
Outdated Firmware/Hardware and the use of Insecure or Outdated Components: In many cases, IoT devices are never updated. IoT devices often require physical presence to update, and lack a secure update mechanism.
Data Storage System Vulnerabilities
IoT architectures extend from endpoint devices ("things") to intermediary "fog" networks and cloud computing. Gateways and edge nodes are devices like switches, routers and computing platforms which act as the fog layer between endpoints and higher layers of the IoT system.
Some of the most common misconfigurations in IoT devices and solutions are:
Default/Blank Username/Password: Hardcoded or default credentials left in place by administrators or developers can expose devices or cloud environments.
Network Exposure: Many IoT, ICS and SCADA systems should never be exposed to the internet. For example, Programmable Logic Controllers (PLCs) controlling turbines in a power plant should never be exposed.
Lack of User Input Sanitisation: Input validation vulnerabilities in protocols like Modbus, S7 Communication, DNP3 and Zigbee can lead to DoS or code execution.
Underlying Software Vulnerabilities and Injection Vulnerabilities: IoT systems can be vulnerable to SQL injection and similar vulnerabilities.
Error Messages and Debug Handling: Many IoT systems include details in error messages or debug output that can allow attackers to obtain sensitive information about the system and underlying network.
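The input validation weaknesses mentioned above for protocols like Modbus come down to parsers trusting the length and quantity fields in a frame. The following added example (not from these notes) shows a defensive Modbus/TCP frame parser that cross-checks the MBAP length field against the bytes actually received and bounds the register quantity for read requests; the sample frames are constructed, and the limits are taken from the Modbus/TCP specification (7-byte MBAP header, 253-byte PDU, 125-register read limit).

```python
import struct
from typing import Optional

# Modbus/TCP limits (from the Modbus application protocol specification).
MBAP_LEN = 7               # transaction id, protocol id, length, unit id
MAX_ADU_LEN = 260          # MBAP header + maximum 253-byte PDU
MAX_READ_REGISTERS = 125   # quantity limit for FC 0x03 / 0x04


def parse_modbus_tcp(frame: bytes) -> dict:
    """Parse a Modbus/TCP request ADU, rejecting frames whose fields disagree."""
    if len(frame) < MBAP_LEN + 1:
        raise ValueError("frame shorter than MBAP header plus function code")
    if len(frame) > MAX_ADU_LEN:
        raise ValueError("frame exceeds maximum ADU length")
    tid, pid, length, unit = struct.unpack(">HHHB", frame[:MBAP_LEN])
    if pid != 0:
        raise ValueError(f"unexpected protocol id {pid}")
    # The length field counts the unit id plus the PDU; never trust it blindly,
    # it must match the bytes actually present in the frame.
    if length != len(frame) - 6:
        raise ValueError(f"length field {length} does not match payload {len(frame) - 6}")
    fc, data = frame[7], frame[8:]
    if fc >= 0x80:
        raise ValueError("exception function code is not valid in a request")
    pdu = {"transaction_id": tid, "unit_id": unit, "function_code": fc}
    if fc in (0x03, 0x04):  # read holding / input registers
        if len(data) != 4:
            raise ValueError("read request PDU must carry start address and quantity")
        addr, qty = struct.unpack(">HH", data)
        if not 1 <= qty <= MAX_READ_REGISTERS:
            raise ValueError(f"quantity {qty} outside 1..{MAX_READ_REGISTERS}")
        if addr + qty > 0x10000:
            raise ValueError("register range wraps past the 16-bit address space")
        pdu.update(address=addr, quantity=qty)
    return pdu


def frame_error(frame: bytes) -> Optional[str]:
    """Return the validation error for a frame, or None if it is well formed."""
    try:
        parse_modbus_tcp(frame)
        return None
    except ValueError as exc:
        return str(exc)


# Constructed sample frames: FC 0x03 read of 10 registers from address 0.
GOOD_FRAME = bytes.fromhex("00010000000601030000000a")
BAD_LENGTH_FRAME = bytes.fromhex("00010000001001030000000a")  # length says 16, 6 present
BAD_QUANTITY_FRAME = bytes.fromhex("0001000000060103000007d1")  # asks for 2001 registers
```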
Management Interface Vulnerabilities
The Intelligent Platform Management Interface (IPMI) is a collection of compute interface specifications designed to offer management and monitoring independent of the host system's CPU, firmware and OS. IPMI can be used to manage a system that may be powered off or unresponsive by using a network connection to the hardware rather than to an OS or login shell.
An IPMI subsystem consists of a main controller called the baseboard management controller (BMC) and other management controllers called satellite controllers. The satellite controllers connect to the BMC, and BMCs connect to each other, over the system interface called the Intelligent Platform Management Bus/Bridge (IPMB).
The BMC has direct access to the system's motherboard and other hardware, and could be leveraged to compromise the system.