February 9, 2015 By Diana Kelley 3 min read

The other day, a colleague was musing about whether we need new security tools for the Internet of Things (IoT). If a watch or car navigation console runs Android 5.0 (Lollipop) or apps from the Google Play Store that use a cellular or Wi-Fi connection, what makes securing those devices different from securing an Android tablet?

Not a lot. Though some threat models may differ (for example, a tablet can be taken with you, while the console in the car is fixed in place), the underlying core architectural components — platform, network communication and applications — are the same. Analyzing an Android app for vulnerabilities may depend on the Android version, but in general, if the app is using an insecure transmission on the tablet, it is using it on the watch, too. Enterprises are maturing their mobile device protection programs by implementing stronger controls, including mobile app reporting analysis, mobile application and policy management, and aggregation of mobile device log data into the corporate security information and event management (SIEM) system used by the security operations center.

‘IoT’ Is a Broad Term

At the end of George Orwell’s “Animal Farm,” the Seven Commandments of Animalism are reduced to one: “All animals are equal, but some animals are more equal than others.” While that sentiment is rather depressing in the context of Orwell’s allegory, it’s quite apt for the IoT because not all devices and applications in the IoT world are equal.

The exact definition of what constitutes the “T” in the IoT world is still in flux, but IBM has posited an IoT framework that draws a distinction between smart devices (such as tablets, phones and watches running Android or iOS and loaded with mobile apps from Google Play or the App Store) and other “things,” such as pacemakers and oil level sensors in cars. This is illustrated in the graphic below:

While it’s true the “things” at the top need some kind of operating system (OS) and application software that communicates with a local or public network, there is no requirement that these “things” run a full-blown version of iOS or Android. This means standard enterprise mobile application and policy management agents won’t run on them.

Testing mobile apps is fairly straightforward. Download the app from the Play or App Store and run it through an analyzer. However, IoT apps running on the “things” may not be freely available for testing and may not be testable with analyzers designed to assess Android or iOS apps.


The Proprietary Problem

Remember the early days of cell phones, when there seemed to be as many OSs as there were phone manufacturers? The splintered OS issue is alive and well in the IoT today. In addition to iOS and Android, there are competing systems for IoT dominance, including Ubuntu, mBed and Contiki — not to mention vendors that are writing their own custom OS for very small “things” and sensors.

Application testing and protection agents are purpose-built for a platform, which means vendors need to create a specialized version for each OS. While this isn’t an impossible task, it requires significant investment that may not be cost-justified. With so many IoT OS options, strategic vendors will have to wait to see which ones gain market share before they develop security solutions for them.

How about monitoring the data and communications from those things and apps? Proprietary app logs don’t need to follow a standard format, which could mean new parsers and rule sets for SIEMs. The same goes for unique communications protocols. This is already a reality in the industrial control systems space, where protocols such as DNP3 and Modbus are used.
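To make the parser-and-rule-set point concrete, here is an added example (not code from the original article or from IBM) that normalizes Modbus/TCP frames into flat SIEM-style events and runs a small rule set over them. The frame bytes, host addresses and the engineering-workstation allowlist are constructed for illustration; the MBAP header layout and public function codes follow the Modbus/TCP specification.

```python
"""Normalize Modbus/TCP frames into SIEM-style events and apply a simple rule set.

Added example, not from the original article. The frame bytes, host addresses
and the engineering-workstation allowlist below are constructed for illustration.
"""
import struct
from dataclasses import dataclass, asdict
from typing import Optional

# Public Modbus function codes; anything else is reported as "unknown".
MODBUS_FUNCTIONS = {
    1: "read_coils", 2: "read_discrete_inputs",
    3: "read_holding_registers", 4: "read_input_registers",
    5: "write_single_coil", 6: "write_single_register",
    15: "write_multiple_coils", 16: "write_multiple_registers",
}
WRITE_FUNCTIONS = {5, 6, 15, 16}

# Constructed allowlist: the only hosts expected to issue write commands to PLCs.
ENGINEERING_HOSTS = {"10.0.5.10", "10.0.5.20"}


@dataclass
class ModbusEvent:
    src: str
    dst: str
    transaction_id: int
    unit_id: int
    function_code: int
    function_name: str
    is_exception: bool
    exception_code: Optional[int] = None
    address: Optional[int] = None
    quantity_or_value: Optional[int] = None


def parse_modbus_tcp(src: str, dst: str, frame: bytes) -> ModbusEvent:
    """Parse one Modbus/TCP ADU: a 7-byte MBAP header followed by the PDU."""
    if len(frame) < 8:
        raise ValueError("frame too short for MBAP header and function code")
    transaction_id, protocol_id, length, unit_id = struct.unpack(">HHHB", frame[:7])
    if protocol_id != 0:
        raise ValueError(f"unexpected protocol id {protocol_id}")
    # The MBAP length counts the unit id plus the PDU, i.e. everything after byte 6.
    if length != len(frame) - 6:
        raise ValueError("MBAP length field does not match frame size")
    raw_fc = frame[7]
    is_exception = bool(raw_fc & 0x80)   # error responses set the high bit
    base_fc = raw_fc & 0x7F
    event = ModbusEvent(src, dst, transaction_id, unit_id, base_fc,
                        MODBUS_FUNCTIONS.get(base_fc, "unknown"), is_exception)
    if is_exception:
        if len(frame) >= 9:
            event.exception_code = frame[8]
    elif base_fc in MODBUS_FUNCTIONS and len(frame) >= 12:
        # Request PDUs for the public codes start with a 16-bit address followed
        # by a quantity (reads, 15, 16) or the value to write (5, 6).
        event.address, event.quantity_or_value = struct.unpack(">HH", frame[8:12])
    return event


def evaluate(event: ModbusEvent) -> list:
    """Rule set a SIEM could run over normalized events; returns alert names."""
    alerts = []
    if event.function_code in WRITE_FUNCTIONS and event.src not in ENGINEERING_HOSTS:
        alerts.append("modbus_write_from_unexpected_host")
    if event.function_name == "unknown":
        alerts.append("modbus_unknown_function_code")
    if event.is_exception:
        alerts.append("modbus_exception_response")
    return alerts


def to_siem_record(event: ModbusEvent) -> dict:
    """Flat key/value record, the shape most SIEM ingest pipelines expect."""
    record = asdict(event)
    record["alerts"] = evaluate(event)
    return record


if __name__ == "__main__":
    # Constructed frames: a normal read from an HMI, a write from a host that is
    # not on the allowlist, and an exception response (illegal data address).
    samples = [
        ("10.0.5.20", "10.0.7.1", bytes.fromhex("00010000000601030000000A")),
        ("10.0.5.99", "10.0.7.1", bytes.fromhex("000200000006010600100001")),
        ("10.0.7.1", "10.0.5.20", bytes.fromhex("000100000003018302")),
    ]
    for src, dst, frame in samples:
        print(to_siem_record(parse_modbus_tcp(src, dst, frame)))
```

The parser validates the header before trusting any field (protocol id must be zero, the length field must agree with the frame size), which is the kind of check a hand-written parser for a proprietary log or protocol tends to omit. The rule set is deliberately simple: a write function code from a host outside the allowlist is the single most useful signal to surface from Modbus traffic, and the flat record it emits is what a SIEM rule engine can actually index.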

Other must-haves for security, such as the ability to discover devices, manage them remotely and interconnect with them via networking and data exchange, are equally up in the air, with at least six different groups working on standards.

Time Will Tell

The IoT is broader than smart devices running iOS and Android, and new security solutions, or versions of existing solutions, will need to be created to extend security controls and monitoring. However, until the market shakes out and winners emerge in the OS and standards race, it will be hard for security vendors to know which platforms and protocols to build for.

In the meantime, there is a lot you can do, starting with designing your IoT sensors, instruments, applications and hardware with security in mind.
