Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Internet of Things. Show all posts

The Role of IoT in Modern Infrastructure


Imagine if someone told you in the early 2000s that entire industries would run almost by themselves, thanks to a network of connected devices. Today, this is no longer science fiction but our reality, thanks to the Internet of Things (IoT). By 2030, it’s expected that there will be over 29 billion IoT devices globally. These devices are transforming critical infrastructure like power grids, water systems, transportation networks, factories, military bases, and airports, making them more efficient and reliable.

How IoT is Changing Critical Infrastructure

IoT is revolutionising how we manage and operate our critical infrastructure. These devices allow for real-time data collection, remote monitoring, and automation. This means that systems can run more smoothly, costs can be reduced, and services can be more reliable. However, setting up these networks over large areas isn’t easy. It requires substantial investment and upgrades to existing infrastructure.

The Cybersecurity Challenge

With so many devices connected, the security risks increase. Many IoT devices don’t have strong security features, making them easy targets for hackers. Here are some specific concerns:

1. Unauthorised Access: Many devices come with default passwords that are easy to guess, making them vulnerable to attacks.

2. Data Breaches: If data isn’t encrypted, it can be intercepted and misused.

3. Denial of Service (DoS): Networks can be overwhelmed by excessive traffic, causing disruptions.

4. Software Vulnerabilities: Outdated software can have security gaps that hackers can exploit.

Because these devices are interconnected, a breach in one can potentially compromise the entire network, causing widespread issues.

To protect against these threats, a multi-layered security approach is essential. Actelis Networks, a company specialising in secure networking solutions, uses a strategy called "Triple Shield." This includes encrypting data, breaking it into fragments, and scrambling it, making it extremely difficult for hackers to access and exploit the information.

Actelis’ strong security measures have earned it a spot on the U.S. Department of Defense’s approved products list. Recently, they secured contracts to upgrade the networks at three U.S. military bases, reflecting the growing investment in cybersecurity amid increasing cyber threats.

While security is crucial, ensuring that IoT devices can communicate without interruptions is also important. Actelis' hybrid-fibre technology uses existing network infrastructure, combining fibre, coax, and legacy copper wiring. This allows for high-speed connectivity without the need for extensive new construction, reducing costs and deployment time.

Actelis’ technology uses Ethernet access switches and extenders to achieve gigabit speeds over various types of wiring. This not only enhances connectivity but also supports the efficient operation of sensors and cameras essential for real-time monitoring and control.

The Future of IoT in Critical Infrastructure

As IoT continues to evolve, innovative network designs will play a key role in addressing the challenges of speed, maintenance, and security. Actelis’ hybrid-fiber technology and multi-layered security approach show how we can achieve these goals, ensuring that technological advancements contribute to a safer and more efficient future.

The integration of IoT in critical infrastructure is a dynamic and evolving field. By addressing both connectivity and security challenges, companies like Actelis Networks are helping build a more resilient and advanced infrastructure that can withstand the complexities of the modern digital landscape.


IoT: Why is this Attacker's Favorite Target?

 

Internet of Things (IOT) devices are increasingly emerging as the preferred targets of attackers due to their lack of built-in security and persistent default password usage. It should come as no surprise that hackers choose to target IoT devices given the explosive growth of the numerous roles and identities ascribed to each advanced IoT sensor in an operations technology (OT) network and their close proximity to mission-critical systems powering businesses. The State of IoT Security, 2023, a recent analysis from Forrester, examines the elements that are making IoT devices increasingly popular with hackers throughout the world. IoT threats are expanding far more quickly than traditional intrusions. According to Kaspersky ICS CERT, an assault affected 34.3% of all industrial sector computers in the second half of 2022.

Researcher Release Report on Internet of Things and Malware Security

With the fast usage of IoT devices, also becoming a lucrative target for threat actors, the reason being these devices are equipped with higher processing power and capability of running a fully functional OS, recent studies aim to better malware research to decrease potential security risks. These results were brought out by a group of researchers from IRISA (Research Institute of Computer Science and Random Systems) at the Annual Computer Security Applications Conference (ACSAC). 

"Electromagnetic emanation that is measured from the device is practically undetectable by the malware," academicians Duy-Phuc Pham, Damien Marion, Matthieu Mastio, and Annelie Heuser said in their research paper. "Therefore, malware evasion techniques cannot be straightforwardly applied unlike for dynamic software monitoring. Also, since a malware does not have control on outside hardware-level, a protection system relying on hard]ware features cannot be taken down, even if the malware owns the maximum privilege on the machine," they further mentioned. 

The aim is to get benefits from the side channel information to find out flaws in emissions when they deviate from earlier observed paths and raise an alarm if a malicious pattern emulating the virus is observed in contrast to the device's normal behavior. The process doesn't require any modifications on selected systems, the framework given in the paper allows finding and classifying stealthy malware like kernel-level rootkits, DDoS (distributed denial of service) attacks, ransomware and, other variants. 

The process takes place in three stages, side-channel stage involves measuring electromagnetic emanations while performing thirty different malware and executing video, music, camera, and picture-related tasks for training convolutional neural network (CNN) model for categorizing real-world malware samples. "By using simple neural network models, it is possible to gain considerable information about the state of a monitored device, by observing solely its electromagnetic emanations," the report says.

The Future Comes With Promising Edge Technology, Say Experts

 

The huge amount of data continuously collected via billions of sensors and devices that comprise the IoT can pose a serious threat for organizations that depend on primitive intelligence and analytics tools. Since the beginning, these devices have not been much effective and needed central servers to process data, mostly cloud-based servers (public) which could be far away. Currently, however, for the same price, you can get more computing power, making way for AI-powered, and edge located devices that make their own commands. 

As per the experts, by 2025, 75% of organization-generated data would be created and processed by an edge. From driverless cars capable of processing and analyzing real-time traffic data (without cloud), to factory systems that can process sensor data for future maintenance. This rapid development in the age of smart devices at the edge will provide vast opportunities in businesses and for users. The capability to create automated and store data for analysis linked to the source is most likely to give operational advantage, produce new and effective services, enhance scalability and transfer data away from central servers. 

Along with this, the fast edge development requires that security leaders adhere to discipline even though the distribution of data that seems to be on the horizon. It must be important for the user to understand the relation between edge and IoT (Internet of Things), the edge allows computation to run on device/ local network rather than sending data to be analyzed on public cloud servers or central data centers, which is time-consuming and also costs resources. 

After that, the analyzed data can be sent to its endpoint. Hence, edge computing lowers the bandwidth risks and analyses data within proximity. It is very crucial in IoT as there exist billions of sensors and systems across the world that produce processed data, let it be inter-connected home devices, health wearables, or industrial machinery. "Especially for use cases like healthcare monitoring and safety apps – where milliseconds count – edge computing and cheaper, more powerful AI-powered devices are emerging as perfect partners to process the massive amounts of information generated by connected devices," reports HelpNetSecurity.

Interview with Waylay: Power of Automation to Everyone?

 

On 8th January, E-Hacking News conducted an interesting interview with Waylay. The guest speaker for the interview was Mr. Veselin Pizurica, CTO & Co-Founder, Waylay. The company helps to connect IoT solutions to IT systems, empowering them to build new applications faster and better than ever before.

Q1. Can you please tell us about “Waylay” as a company? 
Waylay is a technology company that builds automation software for the Internet of Things. Our platform is used by enterprises to develop new digital solutions with IoT, IT, and OT data in the most flexible way. We have about fifty enterprise customers from Australia, Japan, Europe to the US. We are expanding to the US with a physical presence because we’ll like to get better support for our US customers. Today we are more focused on OEM technology meaning we work as an invisible layer, where other companies can buy our software that integrates our automation technology with their solutions. 

Q2. In what industries Waylay is useful for? What type of customers may be interested? 
In the context of IoT, one has two approaches – either go for a vertical approach or being a platform-neutral player where other customers create their own solutions based on automation technology. In this regard, we are the latter case. Our customers are either in the smart buildings or HVAC connected appliances or even B2C. Our technology is used mostly in manufacturing spaces, smart buildings as well as HVAC. The reason for customers being interested in Waylay is because we are a cloud-capable platform as well. We have built a unique set of interfaces that work on top of all other cloud technology in a way that the bigger automation players can replicate the same use case in different clouds. 

Q3. Do you integrate with the existing HVAC system? What if an end customer wants to integrate into your dashboard, how do they do it? Do they need to put a specific IoT controller for this? 
What we have done is to create a kind of convergence layer that integrates to other IoT clouds or IoT systems in such a way that we put in just data for a variety of different systems. In other words, we are just saying we’ll create a bridge layer that can integrate with our system. Secondly, many of these HVACs are not connected and they will never be connected. Our technology offers the opportunity to integrate with other IoT systems. We are not enforcing our connectivity on our customers; we are rather saying whatever we have already we’ll create a layer that will enable us to get data in our systems 

Q4. Do you directly work with OEM (Original Equipment Manufacturer)? If so, do you have a development kit for OEM? What are the types of OEM you work with? 
We do actually. If you have the HVAC suppliers/manufacturers they, face a couple of different problems and none of them are actually trivial. So, basically what we offer is a sort of total automation that enables experts from both sides of the story (machine learning builders and machine learning experts) to bring them on one platform to be able to do total automation. The next thing you could do is offer new services; people are actually renting machines as a service rather than actually selling them. For instance, if you like to rent a machine as a service then your absolute interest is that the machine operates with optimum settings. 

Q5. IoT awareness is so low in many countries, will Waylay contribute positively to increase awareness in the IoT space? 
There are various angles to answer this question. First, IoT is something that people have been talking about for a long time. In a B2C context, if you buy any device, one or the other way, it is connected, it’s just that people are not aware of that. In smart home automation, it is already happening. In industries, things are much more complicated as there is a lot of different technology. Now, awareness also depends on the countries, some people are more eager to try things than others. In industries, the very first problem is connectivity, it not only depends on the use case vertical but also on the country. The thing with IoT is, it’s already happening but not at the same pace (compared to other technologies). What makes our company very confident is eventually, everything will be connected, it’s just that the pace of adoption in some countries is slower than others. 

Q.6 Your blog talked about “Waylay’s Digital Twin Revolutionizes Provisioning in Industrial IoT.” Please tell us more about it. 
When we talk about Digital Twins, we are talking about the digital representations of the objects. It can mean different things to different people. “In an ideal world, all equipment would be connected. In reality, millions of legacy machines are locked out of Industry 4.0 solutions because of the prohibitive cost of retro-fitting them.” 

Q.7 How has Waylay helped to bring a change in Digital Industry? 
Our goal is to bring the power of automation to everyone. Waylay believes that automation liberates human intelligence, cuts down costs, and increases value creation.

IoT (Internet of Things) : taking the world by storm

IoT or Internet of things refers to billions of devices and machines in the world connected to the internet, sharing and collecting data.


Now, with the advancement in computing and wireless technology even something as small as a pill or as big as an aeroplane can become a part of IoT. Any device or machine that can be transformed into an IoT device is connected to the internet to communicate and transfer data and perform  functions without human involvement.

According to Gartner, a research and advisory company around 21 billion "connected things" right at this moment are working collecting data and performing tasks. They predict that by the end of 2020, the IoT market will grow 21% with 5.8 billion endpoints.

"Electricity smart metering, both residential and commercial will boost the adoption of IoT among utilities,” said Peter Middleton, senior research director at Gartner. “Physical security, where building intruder detection and indoor surveillance use cases will drive volume, will be the second-largest user of IoT endpoints in 2020.”

 Be it consumer devices, smart devices, the medical sector, government, industrial sector like automobiles, productions nearly every enterprise use IoT devices in some form.

 he utility of IoT devices is realized in this COVID-19 era where the ability to remote control devices and perform works is a great help. These millions of IoT endpoints are bridging the gap between the digital and physical worlds.

Mobilizing the World

The best example of IoT's value is the 'Medical Sector' like Kinsa's connected thermometer which sends the data to the company who uses it to flag possible COVID-19 outbreaks.

 79 percent of healthcare providers with over $100 million revenue put IoT devices in production. Gartner also predicts a 13-percent rise in medical IoT spending for the next fiscal year.

 As great are the benefits of Iot, the risks are ever-increasing. There are security risks as connecting to internet invites attack vendors that offline machines never face. Installing IoT devices are a great feat in itself with proper procurement, deployment, security, and monitoring.

But the rewards of IoT surpass the risk, they increase efficiency, provides a cutting edge technology, and most importantly the invaluable data. Ofcourse, one needs the right analytics tools and strategy that imputes building a whole analytics team and department. Experts do say, you would definitely fail in your first attempt but learn from the mistakes and get it right the next time

Three Botnets Abuse Zero-Day Vulnerabilities in LILIN's DVRs!


Not of late, LILIN recorders were found to be vulnerable. Reportedly, botnet operators were behind the zero-day vulnerabilities that were exploited in the Digital Video Recorders (DVRs ) that the vendor is well known for.

Sources mention that the exploitation of the zero-day vulnerabilities had been a continuous thing for almost half a year and the vendor was unaware. Nevertheless, they rolled out a patch in February 2020.

Digital Video Recorders are electronic devices that collect video feeds from local CCTV/IP cameras systems and store them on different mass storage devices like SD cards, USB flash drives, disk drives, etc.

DVRs are a huge deal today given they are a major element for the security cameras that are used almost everywhere in these times.

With CCTV cameras raging, attacks especially designed for them have also risen equally. Malware botnets and other hacker operations have been targeting these widely used DVRs for quite some time now.

Per sources, the non-revised and out of date firmware stands to be the reason for these devices being hacked. Especially, the DVRs with default credentials are exploited to kick off DDoS and other IoT attacks.
Sources mention that security researchers found LILIN’s DVRs too were being exploited for almost half a year, since August last year by three botnets.


The vulnerability in the “NTPUpdate”, sources mention, allows attackers to inject and control the system’s commands. Via one of the ‘hardcoded credentials’ (root/icatch99 & report/8Jg0SR8K50) the attacker stands a chance to retrieve and alter a DVR’s config file, and later control commands on the device after the File Transfer Protocol (FTP) server configuration is regularly matched.

Per sources, the first botnet behind the zero-day vulnerability was the “Chalubo botnet” with a motive of exploiting the NTPUdate of the LILIN DVRs. The other two were employed by the “FBot botnet”

Reportedly, a couple of weeks after the previous attacks of the FBot, the Moobot botnet also tried its luck and succeeded on the second zero-day vulnerability.

There is no knowing as to what the exact motive was behind hacking the LILIN DVRs. Nevertheless, there has been a history of DDoS attacks, re-routing traffic, and proxy networks.

As it happens there are, per sources, over 5,000 LILIN DVRs that exist today thus making it quite a hefty task to update all of them immediately. But it’s a relief to know that the first step has been taken. There’s not much to worry about now given LILIN has released a firmware update along with solutions for mitigation.