We’ve been hearing a lot about IoT security recently. The news is overwhelming us with stories about baby dolls and baby monitors that can listen in on conversations at home, not to mention surveillance cameras that provide video streams to unauthorized individuals.

To better understand these events, let’s start by looking at what is IoT. According to Gartner, “IoT is the network of physical objects that contain embedded technology to communicate and sense or interact with their internal states or the external environment.”

Now, you can say, “well, that’s the same as a PC.”

However, the definition of IoT goes further. These devices have a single purpose and in many cases do not have a human interface like a PC, such as a keyboard and a screen, that help control the device.

The IoT device

An important aspect of an IoT device is that the device is controlled remotely via the network. So besides that, IoT devices collect and provide data over the Internet just as they are configured and controlled over the Internet.

There are many examples of IoT devices. These include home thermostats, tracking devices for cars or pets, electronic door locks, remote-controlled lighting, home automation, etc. Let’s not forget about the devices for industrial control systems, such as remote sensors, controllers, PLCs, and even robots. Are these IoT devices? Well, if they are directly or indirectly connected to the Internet, you could consider these devices as part of the IoT realm.

To understand the threats to IoT and IoT devices, let’s start with the device itself. An IoT device is commonly built upon a microcontroller and has dedicated software (firmware) that provides application logic. The firmware is very specific and customized for each of those devices, which is why we sometimes refer to those devices (Read more...)