Addressing the Vulnerabilities of IoT Devices

Addressing the Vulnerabilities of IoT Devices
Author: Larry G. Wlosinski, CISA, CISM, CRISC, CDPSE, CISSP, CCSP, CAP, PMP, CBCP, CIPM, CDP, ITIL v3
Date Published: 29 July 2019

My recent Journal article on the Internet of Things (IoT) was inspired by an article I read on a botnet takedown that involved the digital recording devices that many people have connected to their television. It reminded me of the information security problems that came to light as new computer software was developed and used by many organizations and people. When the personal computer industry was in its infancy, there was no thought about misusing it (e.g., local denial-of-service attacks, adding malicious software to the computer). The only concern was getting it out in the marketplace and selling it. Information security and privacy were not a concern, device capabilities and features were.

We are in the same situation with IoT devices, as the basic components of the computer are the memory and processing chip, the software, and the storage device (i.e., hard or flash drive). IoT devices are very similar to if not actual computers. They have some type of data communications, they store programs, they process and store data, and they possess the capability/weakness of being misused.

In my article, I identify the botnet components, list many IoT device vulnerabilities and talk about the types of attacks (and actual security incidents) that have taken place against various IoT devices. I review the information security and privacy concerns of home, office, and personal IoT devices, and my article identifies many of the common concerns. Recommendations for organizations, IoT device manufacturers, and the home and business are also included.

My intent is to make you aware of the possible weaknesses in these devices and how they can be a threat to you, your family, your well-being and possibly your place of work.

Read Larry G. Wlosinski's Journal article:

"The IoT as a Growing Threat to Organizations," ISACA Journal, volume 4, 2019.