IoT Facing Serious Security Issues from Shadow Devices and Side-channel Attacks
According to a recent report released by Zscaler, a cloud security company, there have been 14,000 IoT-based malware attempts that have been blocked every month since May of 2019. The number of monthly attacks has drastically increased since the summer, and with the popularity of IoT devices soaring to new heights, this number is likely to rise. IoT devices are not safe from hackers—partly because manufacturers don’t invest in the digital security of these devices. In fact, according to a 2019 report by Irdeto, only 58% of companies make security part of the product design cycle. Now, companies have even more to worry about, as Zscaler’s new report has found that shadow IoT devices are impeding businesses’ security.
Shadow devices are those that employees bring into work with them. These devices are usually unauthorized and pose a serious security risk to companies. These devices include smart watches, media players, IP phones, IP cameras, and medical devices, to name a few. Often, IT departments are unaware that these devices are on the corporate network, and what’s worse is that 83% of IoT-based transactions are occurring over plain-text channels, which are not as secure as SSL channels. Using a plain-text channel leaves device data vulnerable to hackers.
Digital security isn’t the only thing with which IoT device manufacturers and users should be concerned. IoT devices are also vulnerable to side-channel attacks—attacks that break cryptography by monitoring the emission of a device’s electromagnetic field radiation, among other tactics. Hardware stores imperative data with encryption algorithms, but it can leak this information in the form of electromagnetic radiation and even power consumption. For instance, laptop screens that emit EMF radiation could provide hackers with your information before it is encrypted. Attacks are more prevalent on devices employing symmetric key encryption with a static secret key, but they can happen to any IoT device. Recently, hackers used this method to counterfeit e-cigarette batteries.
Unfortunately, leakage is inevitable. A solution developed by Purdue University, however, does support IoT devices and defend against side-channel attacks. According to the research team, they used mixed-signal circuits to embed the crypto core within a signature attenuation hardware with lower-level metal routing. This way, the critical signature is suppressed before it reaches the higher-level metal layers and the supply pin.
It is imperative to design your IoT device as effectively and securely as possible. Rhein Tech Laboratories is here for your design and testing needs. Whether you want help in the design process or need your device tested for compliance, we’re here to assist you in every step of the way. Call us today or request a quote online. Sources: https://www.helpnetsecurity.com/2020/02/26/shadow-iot-enterprise/, https://www.helpnetsecurity.com/2020/02/26/stop-side-channel-attacks/