How to tackle Security Loopholes of IoT Solutions ?

0 votes

I recently gain interest in both IoT and cybersecurity. I was amazed that the designers of these devices, which can vary in function and prices, almost always poorly implement security. here is an article related to these subject :

An alarm with no mecanism against bruteforce : https://www.pentestpartners.com/security-blog/hack-demo-video/disabling-wireless-alarms-issue-3-pin-brute-force/

There is several exemples of bad practices regarding the security of this kind of devices. So my question is the following :

Why is the security so often neglected in this field ? Is because of a lack a skill in the domain ? Is it because of laziness ?

Aug 23, 2018 in IoT (Internet of Things) by Matt
• 2,270 points
52 views

1 answer to this question.

0 votes

This is pretty off-topic, but I'll supply an answer to the more general question of It really boils down to two things;

  1. Security is hard. What seems like an obvious security flaw to you could be entirely glossed over by someone else, and someone else could probably find a flaw you wouldn't imagine. We all have our blind spots, and for any value of "you", there is someone out there who is cleverer than you, or can very least see through your personal blind spots. Large software dev companies (Google, Apple, Microsoft, ect.) have entire appsec departments dedicated to attacking their software before its released, and these gigantic teams still all-too-often miss things that an attacker can easily find. And because security is hard, 2
  2. Security is expensive. Many IoT devices are mass-produced and intended for mass consumption. The game of the IoT market (or really, the market for the vast bulk of physical products) is figuring out how to provide an equivalent, or better, product than your competitors' at a lower price point. Companies in this market have a strong incentive to eliminate, or at least skimp out on, anything that slows production or increases the cost-to-produce per unit. Security is barely regulated, not a priority for consumers, and doing it right is extremely time-consuming and expensive. Add in the fact that many manufacturers sell to non-local markets, and so are harder for customers to sue if a security breach occurs, and you have strong incentives for IoT device producers to not give security much thought, if any.
answered Aug 23, 2018 by anonymous2
• 4,280 points

Related Questions In IoT (Internet of Things)

0 votes
1 answer

Azure IoT Hub : How to set Epoch Value of an Azure Function?

Try using Azure IoT Hub consumer groups, if ...READ MORE

answered Feb 21 in IoT (Internet of Things) by Shubham
• 13,350 points
165 views
0 votes
1 answer

How to use the data I receive from Azure IoT Hub?

The payload you receive will be a ...READ MORE

answered Aug 1, 2018 in IoT (Internet of Things) by DataKing99
• 8,130 points
654 views
+1 vote
1 answer
0 votes
1 answer

How to deploy Windows 10 IoT (Rasp Pi image) as a Virtual Machine

The easiest way I found is downloading ...READ MORE

answered Sep 10, 2018 in IoT (Internet of Things) by Upasana
• 8,570 points
330 views
0 votes
1 answer
0 votes
1 answer

Downloading source code of Android Things

No because AndroidThings is still in preview ...READ MORE

answered Jul 5, 2018 in IoT (Internet of Things) by anonymous2
• 4,280 points
557 views
0 votes
1 answer

Setting-up a RFID RC522 chip in Raspberry Pi?

First, let me congratulate you on buying ...READ MORE

answered Jul 9, 2018 in IoT (Internet of Things) by nirvana
• 3,060 points
210 views
0 votes
1 answer
0 votes
1 answer

How to learn IoT ?

If you learned something like C (c# ...READ MORE

answered Sep 17, 2018 in IoT (Internet of Things) by anonymous2
• 4,280 points
53 views