Digitalisation: Are We Secure?
No wonder the world is moving towards digitalisation at a very fast pace. We have smart phones, smart homes, small schools, smart malls, smart roads and smart cities. Undoubtedly, digitalization is improving our lifestyle; we are more civilized than before, but the question is: “ARE WE SECURE“?
Insecure IoT Devices
With the advancement of various hardware and software technologies, there are more and more IoT devices, which leads to an insecure environment. As millions of devices are connected, it creates a larger attack surface, which increases the opportunities for attackers. Both software and hardware attacks are increasing day by day. A single vulnerability can harm the entire network and also harm the society. There are many open source tools available for hackers and attackers. Even though many Anti-Forensics tools and techniques are available which help the intruder to protect themselves from future investigations. Even though the use of Anti Forensic tools and techniques is illegal, we need to ensure that the strict laws against the use of forensic tools are followed.
Vulnerable IoT Devices
Imagine a situation where there is a vulnerability in software used by millions of smartphone users. There are a number of reasons for vulnerabilities in IOT devices that make them insecure. They can be software, hardware or network vulnerabilities. There are also some other reasons for vulnerability in IoT devices. Some of them are listed below: –
- Weak Password Protection
- Lack of Patch Management
- Insecure interfaces
- Poor IoT Device Management
- Lack of skilled personnel
- Hardware malfunctions
- Human ethical issues
Opportunities provided by Vulnerable Devices
These insecure devices allow cyber criminals to hijack (gain access to) the devices and launch further attacks on other systems. Example: After gaining access to a remote target system, the intruder next attempts to gather more network information, such as about other systems available on the network. To this end, the intruder may use the ‘nbtstat’ command to view the contents of the NetBIOS cache. In addition, the intruder can collect information about the network connections running to and from the victim system. To do this, the intruder can use the ‘netstat’ command. In this way, the intruder can hijack millions of devices through a single device and perform various attacks such as DoS and DDos attacks and also damage the entire network. There is no end to the malicious activities.
The more insecure devices, the more cyber-attacks.
Dr. Rama Bhatia Singh – MDIS School of Engineering and Technology