Connected objects

Connected objects (IoT, Internet of Things) have gradually invaded our daily life. Smartphones and connected devices, whether they are connected directly or indirectly to the Internet, form a new digital galaxy. And the size of this galaxy continues to grow: it is estimated that by 2025, no fewer than 150 billion connected objects will populate the world.

The IoT brings together all the sensors and objects connected to the Internet, thus allowing remote control of our physical environment. They are present both to the general public, notably with home automation, household appliances, or even bracelets and connected watches, as in the fields of health or industry (industry 4.0).

This new reality gives rise to particular risks. These ever-increasing interconnections are potential security holes, and the large amounts of data processed and stored in the cloud are a target for some criminals.

By helping you better understand connected objects and the implications of their use, this site will help you get the best out of them … and avoid the worst.

How to protect yourself

Password

0000 is null for the password

Password

The first precaution to take is to ensure a high level of password complexity. These must contain a mixture of upper- and lowercase letters, numbers and special characters. You can test the strength of your password through free tools such as https://howsecureismypassword.net/.

Default accounts of connected objects are generally known and appear in public documentation. It is, therefore, very easy for an attacker to test these front doors in an attempt to take control of an IoT. When first accessing the configuration settings of the IoT device, it is advisable to create your personal administrator account and then delete the default accounts. This way, attacks on these easy targets can be prevented.

Physical security

Free your mind, not your devices….

Physical security

In order to understand the need to physically secure connected objects, all you have to do is ask yourself a question. Would you leave your cell phone unattended on the street? The answer seems obvious, yet in the IoT world, this is not always the case. Connected objects must, therefore, be protected against the risk of theft, sabotage or compromise by a malicious third party.

Let's be clear, it is not for its own value that a connected object must be protected, but for the data it can contain and for the malicious use that could be made of it by using it to reach other targets. Depending on the situation, when a connected object must be left "in hostile terrain", it will be necessary to ensure that it does not contain any usable data and that it cannot be used by unauthorised third parties.

Updates

Patch, Patch, Patch…

Updates

One of the major issues is a common suspect in cybersecurity: failing to install software updates ("patches"). It is particularly important to use the patches provided by the suppliers. This is especially important for connected objects which are -by definition- permanently exposed to potential attacks.

If regular and automatic updates can be activated, it is strongly recommended to activate this option, provided that the protocol is secure and the remote site is trustworthy. In the absence of an automatic update feature, it is advisable to check manually and on a regular basis the availability of a software update. This minimises the likelihood of being attacked via known vulnerabilities that can be corrected with regular software updates.

Recognised manufacturers

« Clever Akafen »

Recognised manufacturers

In order to reduce the risks, it is advisable to choose recognised products from reputable manufacturers. These manufacturers generally have the means to invest in the development of quality products.

Network

Close the front door…

Network

General

Once you have made your choice for an IoT product, it is important to identify it and know what the properties of the product are that you integrate into your computer network. By taking an inventory of all connected devices and their particular characteristics, normal activities can be separated from suspicious or unwanted ones. Regular monitoring of the local area network (Wi-Fi), connected devices and their activity will also detect any problems and close doors when they are no longer in use.

Network segmentation

Multiple IoT security vulnerabilities cannot always be controlled. The residual risk that a potential attacker could exploit one of these flaws and thus interfere with the local computer network remains very high. If other mission-critical applications are hosted on the same internal network, it is strongly recommended to separate this network into several segments. One logical segment or network should host and/or interconnect the IoT devices, while a second dissociated network would be used exclusively for the hosting of critical information systems.

Network filtering

Certain network elements (routers and firewall for example) allow filtering the information circulating between two networks or network segments. The filtering can, for example, relate to the source or destination addresses and ports, communication protocols, content, bandwidth or the volume of information. In the case of network segmentation, it would thus be possible to filter information exchanged between two segments and, for example, only accept connections between devices identified beforehand according to a well-defined exchange protocol.

Device deactivation

Because an oversight can become a loophole.

Device deactivation

Any IoT device integrated into the network has potential flaws and vulnerabilities. A device that is not in use may also be forgotten in inventory or security updates. Therefore, do not hesitate to deactivate any device that is not in use.

Furthermore, an IoT device can have a variety of communication interfaces, the use of which is defined according to the deployment scenario. Again, limit its exposure to potential vulnerabilities. It is recommended to disable or remove the types of interfaces that are not necessary for the proper functioning of the IoT device in its digital environment.

Disposal

Because everything has an end…

Disposal

In case of prolonged non-use or obsolescence, IoT devices should be removed from the network and be disposed of. IoT devices often have a memory that stores information or configurations that reveal aspects related to the security of your network. Do not forget to delete this data from the devices.

Contract

Dura lex sed lex…

Contract

As with any contract, careful reading is required. The general conditions of use (GCU) of a connected object can be long and complex, but they are not trivial because they legally bind their users. The same applies to the conditions of use of the online services associated with these objects.

General

Network segmentation

Network filtering

Protect yourself. Secure your connected device.

Advice for a more secure use of connected objects.

Smart Phone

Smart Office

Smart Home

Smart Wearables

Smart Toys

Connected objects

The risks

Information leak

Information leak

Diversion

Diversion

Mass surveillance

Mass surveillance

Tracking

Tracking

How to protect yourself

Password

Password

Physical security

Physical security

Updates

Updates

Recognised manufacturers

Recognised manufacturers

Network

Network

Device deactivation

Device deactivation

Disposal

Disposal

Contract

Contract

Campaign material