search
HomeOperation and MaintenanceSafetyWhat do you know about the security risks of the Internet of Things?
What do you know about the security risks of the Internet of Things?Dec 29, 2020 am 10:35 AM
Security RiskInternet of things

What do you know about the security risks of the Internet of Things?

Introduction:

Introduction to the Internet of Things:

(Learning video sharing: Programming video)

The Internet of Things refers to the real-time collection of various required information such as any objects or processes that need to be monitored, connected, and interacted through various information sensing devices, and is combined with the Internet to form a huge network. Its purpose is to realize the realization of things and things, and things. The connection with people, all items and the network facilitates identification, management and control. The Internet of Things is a highly integrated and comprehensive application of a new generation of information technology. It has become the core driver of a new round of global technological revolution and industrial transformation and the key foundation and important engine for green, intelligent, and sustainable economic and social development.

The security of the Internet of Things has risen to the level of national security. This topic analyzes the three aspects of "cloud, pipe, and end" security of the Internet of Things, expounds the main security threats currently faced by the Internet of Things, and provides an introduction to the Internet of Things. Security control analysis. Internet of Things security management and control also need to be adapted to the development trend of the Internet of Things, and can protect the healthy, stable, and rapid development of the Internet of Things.

1. Internet of Things Terminal Security

As a representative product of the deep integration of information space and physical space, Internet of Things terminals have rapidly expanded from pioneering products for personal consumption to various economic and social fields, empowering New service methods in education, medical care, retail, energy, construction, automobiles and many other industries support the improvement of basic urban functions such as government offices, public safety, transportation and logistics. Existing IoT terminal equipment focuses on function implementation, while traditional equipment manufacturers lack security capabilities or consider factors such as time and cost, and generally ignore security issues in terminal design. IoT terminals can be divided into smart terminals and non-smart terminals. Most smart terminal devices have embedded operating systems and terminal applications, while most non-smart terminal devices have a single structure and function and only perform functions such as data collection and transmission. Smart terminals Devices pose greater information security threats.

According to the research on IoT smart terminals, such as home appliances, smart devices, web cameras, etc., it is found that there are four main security threats to the security of IoT smart terminals.

1. Internet of Things intelligent terminal security threats

Security threats

1) Internet of Things intelligent terminal devices have weak password problems;

2) Internet of Things There are security vulnerabilities in the operating systems, built-in Web applications, databases, etc. of smart terminal devices and are used to steal data, launch DDoS attacks, send spam, or be manipulated to attack other networks and other serious security incidents;

3) Internet of Things The identity authentication of smart terminal devices is weak;

4) IoT smart terminal devices are implanted with malicious code or become a botnet.

Security Threat Characteristics

1) There are a huge number and types of weak passwords in IoT smart terminal devices, with wide coverage;

2) IoT smart terminal devices are maliciously controlled Afterwards, it can directly affect personal life, property, privacy, and life safety;

3) Simple malicious use;

4) The later reinforcement of IoT smart terminal equipment is difficult and needs to be done in the design Security issues began to be considered during the development stage;

5) IoT smart terminal devices are widely distributed and used in different scenarios, making it difficult to carry out unified upgrades, patches and reinforcements;

6) Identity forgery and counterfeiting It can then carry out malicious attacks; 7) Used to steal data, launch DDoS attacks, send spam or be manipulated to attack other networks and other serious security incidents.

2. Analysis of security control of IoT smart terminals

In the design and development stage of IoT smart terminals, security control measures should be considered in the design and safety control measures; security protection testing should be done synchronously before terminal production and release; During the terminal release and put-in-use phase, firmware vulnerability update management and smart terminal security monitoring are performed simultaneously. The specific IoT terminal security management and control analysis is as follows:

1) In view of the wide distribution range and large number of IoT smart terminals, the IoT should carry out virus perception and detection on the network side.

2) Corresponding specifications should be established for the information retention of IoT smart terminals to limit the type, duration, methods, encryption methods, access measures, etc. of information retention.

3) The identity authentication strategy of IoT smart terminals should establish strong identity authentication measures and a complete password management strategy.

4) Before the production and release of IoT smart terminals, security testing should be done. After the terminal is released, firmware updates and vulnerability management should be carried out in a timely manner, and network access permission should be granted if necessary.

5) Build a security inspection platform or build corresponding security monitoring methods for IoT smart terminals, which can detect abnormal terminals, isolate suspicious applications or prevent the spread of attacks.

3. Security threats of non-intelligent terminals in the Internet of Things

According to the research on non-intelligent terminals in the Internet of Things, such as sensors, radio frequency identification (RFID), etc., the current non-intelligent terminals in the Internet of Things are in network security No security threats were found at the physical security level, and there were security threats from physical manipulation by attackers at the physical security level.

2. Internet of Things Pipeline Security

The "pipeline" of the Internet of Things is the pipe connecting the "cloud" and the "end". The security of the "pipeline" of the Internet of Things is large-capacity and intelligent. Information pipeline security. According to the research on the IoT information pipeline, it was found that there are four main security threats to the security of the IoT pipeline.

1. Internet of Things pipeline security threats

IoT pipeline security threats

1) There is no unified Internet of Things communication protocol standard, and your own protocols can be used for communication;

2) The IoT card supervision system is not sound;

3) IoT pipelines are diverse, and some technologies are not included in security control, such as Bluetooth, infrared, and NFC;

4) IoT Man-in-the-middle attack on pipelines.

IoT pipeline security threat characteristics

1) Risks such as leakage of sensitive information;

2)Difficulties in compatibility between different IoT communication protocols;

3) There are differences with existing Internet communication protocols, and existing security tools cannot be transplanted to the Internet of Things;

4) There is a risk that IoT special cards and IoT industry cards are used illegally, leading to the Internet of Things Card abuse and cannot be traced;

5) Traditional network security management faces challenges;

6) Internet of Things pipeline attack methods are diverse;

7) Attacks can lead to relationships The important production system of the national economy and people's livelihood is abnormal;

8) The attack will cause greater destructive power.

2. Analysis of safety management and control of IoT pipelines

In the design stage of IoT pipelines, safe communication protocols, transmission media, etc. should be considered. In the construction stage of IoT pipelines, safety monitoring, Corresponding data interfaces are reserved for situational awareness, and security monitoring of the IoT information pipeline should be done during the stage when the IoT pipeline is put into use. The specific IoT pipeline safety management and control analysis is as follows:

1) Developers, manufacturers, and management departments should formulate IoT communication protocol standards as soon as possible.

2) Establish access control facilities for the Internet of Things system, especially access to important Internet of Things systems related to the national economy and people's livelihood. Distinguish whether there is IoT signal transmission in traditional networks and build IoT signal monitoring methods.

3. Internet of Things Cloud Service Security

In layman’s terms, Internet of Things cloud services are used when sharing information with other parties’ resources. Therefore, protecting the security of cloud services also protects the security of the Internet of Things. key link.

According to a survey of current mainstream cloud products, it was found that there are eight major security threats to the security of IoT cloud services.

1. Internet of Things cloud service security threats

IoT cloud service security threats

1) Data leakage;

2) Login credentials stolen and Identity authentication forgery;

3)API (Application Programming Interface) is attacked by malicious attackers;

4)System vulnerability exploitation;

5)System vulnerability exploitation;

6) Malicious personnel;

7) Permanent data loss of the system;

8) Denial of service attack threat;

9) Cloud service sharing technology, Shared risks.

Characteristics of security threats

1) Large amount of leaked data;

2) Easy to form an APT (Advanced Persistent Threat) attack target;

3 ) The value of leaked data is high;

4) It has a large impact on individuals and society;

5) It is easy to forge identities in the Internet of Things;

6) If credentials are not properly controlled, data Isolation protection cannot be performed;

7) There are many IoT API interfaces and are easily attacked by malicious attackers;

8) The types of IoT API interfaces are complex and attacks are diversified;

9) The vulnerability of the IoT cloud service system has a great impact after being attacked by malicious attackers;

10) Malicious behavior of insiders on data;

11) Attack threats from outsiders;

12) Cloud data damage will cause damage to the entire IoT system

13) Affect the national economy and people’s livelihood;

14) Cause abnormal service of the IoT system;

15 ) Virus attacks caused by shared technologies.

2. Analysis of security management and control of IoT cloud services

In projects such as new construction, reconstruction, and expansion of IoT cloud service systems, security protection facilities for the IoT cloud service system should be constructed simultaneously, and Conduct acceptance and put into operation simultaneously with the main project. The specific security management and control analysis of IoT cloud services is as follows:

1) IoT cloud services implement an access system. IoT cloud service systems should be registered and allowed to access the network after security assessment.

2) The identity authentication strategy for IoT cloud services should establish strong identity authentication measures and a complete password management strategy.

3) IoT cloud services should have attack defense capabilities and perception capabilities.

4) Establish a backup mechanism for IoT cloud services.

5) Regularly conduct risk assessments for the Internet of Things cloud service system;

6) Carry out certification for management and operation personnel of important and sensitive information systems, and establish a management and control mechanism for personnel in important positions.

Related recommendations: Website Security Tutorial

The above is the detailed content of What do you know about the security risks of the Internet of Things?. For more information, please follow other related articles on the PHP Chinese website!

Statement
This article is reproduced at:csdn. If there is any infringement, please contact admin@php.cn delete
物联网技术架构的最高层是什么物联网技术架构的最高层是什么Aug 23, 2022 am 10:48 AM

物联网技术架构的最高层是应用层;应用层处于物联网三层架构最顶层,应用层基于物联网技术提供丰富的物联网应用,对不同的行业有着不同的应用结果,实现不同行业物联网的智能运用是物联网技术的根本目标。

物联网的三层结构是什么物联网的三层结构是什么Jul 01, 2022 pm 02:58 PM

物联网的三层结构是:1、感知层,主要完成信息的采集、转换和收集;该层结构解决的是人类世界和物理世界的数据获取问题,由各种传感器以及传感器网关构成。2、网络层,又称传输层,主要完成接入和传输功能,是进行信息交换、传递的数据通路,包括接入网与传输网两种。3、应用层,解决的是信息处理和人机界面的问题;网络层传输来的数据在这一层里进入各类信息系统进行处理,并通过各种设备与人进行交互。

go语言可以写物联网吗go语言可以写物联网吗Dec 28, 2022 pm 04:46 PM

可以写。在物联网领域,用Golang可以高效的接入并管理数以百万的设备;并使用Golang的各种前沿技术实时分析数据并创建数据报告。用Golang开发物联网平台的原因:1、Go的三个作者能力强;2、Go的性能仅次于C/C++;3、入门非常快,大多程序员1-2周都可以上手;4、并发特性好;5、能兼容大量的硬件设备;6、有良好的社区支持;7、可用干净的代码帮助开发人员加快速度。

边缘人工智能(Edge AI)能为我们做些什么?边缘人工智能(Edge AI)能为我们做些什么?Apr 09, 2023 pm 02:11 PM

人工智能 (AI) 是一种分散式计算,它允许设备在与用户交互的最近点做出以数据为主导的决策。这种技术的好处包括改善隐私和节省成本,但数据通常在处理后被丢弃。即将到来的进步,包括 5G 技术和成本更低的处理芯片,将使边缘人工智能对某些应用越来越有用——从智能家居设备到医疗技术。想象一下,您希望您的新智能恒温器能够快速调高温度,以便在异常寒冷的一天下班回家后,您的房子会变得温暖。您从智能手机连接并要求它采取行动。您不会知道,但该操作可能需要几秒钟,因为它将您的请求发送到云并接收返回的指令。现在再想象

物联网和人工智能将如何改变医患关系?物联网和人工智能将如何改变医患关系?Apr 14, 2023 am 11:01 AM

医疗保健从来都不是一个容易讨论的话题。无论是在医生的办公室还是在舒适的家里,谈论健康都会让人不知所措。大多数人都不喜欢去看医生。对医生发现问题的焦虑或不好意思问问题是人们更愿意在预约时的部分原因。再加上初级保健医生与患者相处的时间略多于15分钟,因此没有足够的时间来讨论问题或深入研究任何测试结果。我们通常只在每年一次的医生就诊时讨论自己的健康状况。所以签到很重要,但它们只提供了正在发生的事情的一个快照。我们没有每天监控自己健康状况的习惯,也没有远程监控的习惯。持续跟踪患者的生命体征有助于患者及医

利用人工智能解决石油和天然气排放挑战利用人工智能解决石油和天然气排放挑战Apr 08, 2023 pm 05:51 PM

随着应对气候危机的持续努力,以及海湾合作委员国家会致力于实现未来净零碳排放的强大势头,油气公司的当务之急变得前所未有的重要。从区域上看,油气行业通过直接上游、中游和下游(范围1)、间接能源(范围2)和其他间接排放(范围3),占整个油气行业温室气体排放量的9%。仅仅向低碳替代能源过渡还不足以确保所需的减排,而永久解决这一问题需要与一种不同于其他技术的有影响力的技术——人工智能(AI)相结合。尽管净零路线伴随着即时的时间限制,但油气公司可以在乐观的情况下采用以技术为主导的方法。毕竟,在最近的突破性行

物联网的核心和基础是啥物联网的核心和基础是啥Jul 20, 2022 pm 03:54 PM

物联网的核心和基础是“互联网”。物联网即“万物相连的互联网”,是在互联网基础上延伸和扩展的网络,将各种信息传感设备与网络结合起来而形成的一个巨大网络,实现任何时间、任何地点,人、机、物的互联互通。物联网是一个基于互联网、传统电信网等的信息承载体,它让所有能够被独立寻址的普通物理对象形成互联互通的网络。

物联网的核心技术是什么物联网的核心技术是什么Jul 28, 2022 am 11:29 AM

物联网的核心技术是:1、射频识别技术,通过无线电信号识别特定目标并读写相关数据的无线通讯技术;2、网络通信技术,机器与机器之间能够在无人为干预的情况下进行及时的通信和操作;3、GPS技术,可以和无线通讯技术相结合,在物流智能化、智能交通中占据重要作用;4、计算机技术,检测数据后上传至环境监控云平台就是运用了计算机技术;5、传感器技术,可以应用在测试领域、智慧农业领域等等。

See all articles

Hot AI Tools

Undresser.AI Undress

Undresser.AI Undress

AI-powered app for creating realistic nude photos

AI Clothes Remover

AI Clothes Remover

Online AI tool for removing clothes from photos.

Undress AI Tool

Undress AI Tool

Undress images for free

Clothoff.io

Clothoff.io

AI clothes remover

AI Hentai Generator

AI Hentai Generator

Generate AI Hentai for free.

Hot Tools

SAP NetWeaver Server Adapter for Eclipse

SAP NetWeaver Server Adapter for Eclipse

Integrate Eclipse with SAP NetWeaver application server.

PhpStorm Mac version

PhpStorm Mac version

The latest (2018.2.1) professional PHP integrated development tool

DVWA

DVWA

Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is very vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, to help web developers better understand the process of securing web applications, and to help teachers/students teach/learn in a classroom environment Web application security. The goal of DVWA is to practice some of the most common web vulnerabilities through a simple and straightforward interface, with varying degrees of difficulty. Please note that this software

SublimeText3 English version

SublimeText3 English version

Recommended: Win version, supports code prompts!

ZendStudio 13.5.1 Mac

ZendStudio 13.5.1 Mac

Powerful PHP integrated development environment