The IoT Village advocates for advancing security in the Internet of Things (IoT) industry by bringing researchers and industry together.
The IoT Village has served as a platform to showcase and uncover hundreds of new vulnerabilities, giving cyber experts the opportunity to learn about the most innovative techniques to both hack and secure IoT.
I Am The Cavalry spoke with the IoT Village team about their work.
Q: What are the greatest current security threats to IoT tech? Why should people care about them?
A: What alarms us the most is the amount and severity of vulnerabilities that go unnoticed throughout the software development lifecycle. From the research we perform, to the presenters we invite on stage at IoT Village, the most common topic being discussed involves vulnerability research. As such, we believe that the lack of security processes in place during IoT development poses one of the greatest threats to companies and consumers alike.
Many of the high-risk vulnerabilities that our researchers from ISE have identified over the years often required very low testing effort and were considered easy to exploit. This isn’t to say that such research doesn’t require expertise, but rather suggests that companies may be neglecting crucial security decisions in the development lifecycle.
Having secure development practices, engaging in thorough and rigorous security testing, and being able to issue frequent security updates would help mitigate this threat.
This is a very important area to direct awareness to as it may allow companies to allocate proper resources towards security testing efforts when it matters most: in development. Once businesses and consumers purchase IoT devices and services, it may be too late.
Q: How does connected technology make IoT a target for malicious actors?
A: Connected technology is what enables attackers to target IoT systems remotely. Malicious actors may choose to target IoT devices since they are often perceived as easy targets subject to various classes of vulnerabilities and lack of mitigation options. Depending on how IoT devices are deployed, they may provide privileged access to private networks, making them an attractive target for malicious actors. Once an attacker compromises a vulnerable IoT device, they may use their access to pivot laterally throughout the network to target other systems.
Q: How does your work help make average people’s lives safer?
A: Not only have we served as a platform to showcase and uncover hundreds of new vulnerabilities, but we provide attendees with the opportunity to learn about innovative techniques to secure IoT. Additionally, we provide researchers with a stage to connect with IoT manufacturers, bringing awareness to various security issues.
In attendance are numerous security engineers who are responsible for securing the applications and hardware used in consumer IoT. By bringing the expertise of these two groups together, IoT security can improve, resulting in a safer environment for all.
Q: What do you hope the impact of bringing together researchers and industry leaders will be?
A: To increase the quality of device and online security as it relates to IoT. We are also trying to remove the barriers that exist between manufacturers and vulnerability researchers. We’ve heard it before, but some departments at manufacturers react differently when a researcher makes a vulnerability disclosure. Some departments feel like it’s a threat or an attack. We hope that bringing these groups together can help dismiss the notions that researchers are a threat and that manufacturers are antagonistic.
Q: Can you give me an example of a vulnerability that your organization has uncovered?
A: I think these resources below do a good job summarizing a recent finding!
“Yet Again, Vulnerabilities Found in a Router”
“Tenda AC15 AC1900 Vulnerabilities Discovered and Exploited”