The Hidden Risks of IoT Sensor Vulnerabilities

Internet of Things (IoT) sensors are probably the most common application of cyber-physical systems on the market today. These include things like connected thermostats in homes and businesses, occupancy sensors that control lights, and sensors tracking environmental measures like water quality or weather. 

IoT sensors feature strongly in smart cities, in use cases like connected traffic lights or weather-monitoring systems. Internet-accessible traffic lights can be used to manage the flow of traffic, ensuring cars and vehicles move efficiently through a city. Early warning systems for flooding or tornadoes can be used to keep emergency management professionals informed of remote weather events. 

The problem is that many of these systems are vulnerable to cyberattacks. Not that many years ago, researchers found 17 vulnerabilities in connected systems used in smart cities. Although the manufacturers repaired the vulnerabilities and issued patches, there is no telling if or when the cities using those systems deployed the fixes.

Vulnerabilities in sensors like those in smart cities and buildings, including chemical sensors, smart traffic lights, and early warning systems, present arguably the highest potential for chaos. And that’s something that can’t be ignored. 

What are IoT Sensors and How are They Used? 

The term “sensor” in IoT refers to a connected device that’s used explicitly for monitoring something in the physical world and usually sending the data back to a central location. IoT sensors have been developed for things like traffic management, early warning systems, water quality, and temperature in remote locations.

IoT sensors feature strongly in the utility sector, where they are often used in water and wastewater treatment plants to monitor water quality or chemical composition. In that context they help ensure that facility input and output, as well as treatment chemicals, are kept within narrow ranges to protect the health of the cities and towns the plants support.

They’re also often used in building automation systems, such as to track occupancy to govern temperature changes. 

The use of these IoT sensors has grown explosively. Their increasing functionalities, small sizes, and low power consumption allow users to deploy them in new applications for higher productivity and lower costs. There are IoT sensors that detect tire pressure and transmit that information to the car’s health status alerts for the driver. That’s just one of numerous novel examples of how IoT has flourished.

Recent IoT Sensor Vulnerabilities Demonstrate the Risks

IoT sensors suffer from the same issues as other connected devices. These include default passwords installed on the systems that are easily discovered, minimal security practices in the development process, and unencrypted traffic used to communicate with monitoring workstations. The lack of agreed-upon standard security practices in IoT contributes to this sort of lawless approach to device development and deployment. 

Moreover, it’s often difficult to update IoT devices even if a patch is released. Many connected devices can’t be patched because their operating system won’t accept any new fixes, or the system is built in such a way that trying to install a patch breaks the device. And that’s if the manufacturer releases a patch in the first place, which doesn’t always happen. In some industries, regulation can impede easily deployed software updates, such as when medical devices must be approved in an immutable configuration before they can be used.

For example, a vulnerability in Fibaro Motion Sensors allows hackers to launch distributed denial-of-service (DDoS) attacks through a crafted Z-Wave message. Z-Wave is a wireless protocol used heavily in buildings. Fibaro sensors are common in smart home automation, but they could also be used in smaller businesses. With the ability to launch DDoS attacks, compromising these devices could impact other systems on the network and allow for lateral movement.

More damaging is the Syrus4 IoT gateway vulnerability that could allow threat actors to take control of multiple vehicles simultaneously. As smart vehicles and the sensors within those cars become more common on the roads and interact with connected sensors in infrastructure, a vulnerability in the fleet management system could result in major consequences. 

How to Better Secure IoT Sensors 

It is vital to secure IoT sensors in our complex world. Traditional security monitoring tools often lack visibility into connected devices, and many IoT sensors don’t have the robust security controls of IT systems like workstations or servers. Organizations should implement a few practices to protect their IoT sensors against cyberattacks, which is especially vital given the limited attention device manufacturers have paid to security. 

Build a Device Inventory 

One of the first steps in securing IoT sensors is understanding what devices are connected to the network. Knowing which devices are connected to the network and to each other helps provide a richer picture of the attack surface. This means security teams can more accurately understand everything they’re protecting. A scanning solution that monitors network and communication traffic can detect and fingerprint these devices, recording:

  • Hardware: manufacturer, model, serial number
  • Software: operating system, version, applications, firmware
  • Device type and function
  • Security assessment: vulnerabilities and risks

Passive scanning is often a safe way to start building the device inventory. Many IoT devices don’t respond well to active security scanning, which would complicate building an accurate inventory. 

Monitor for Anomalous Behavior

Connected sensors should only communicate with known IP addresses in ways that are well understood. Anomalous behavior could mean communicating with unknown IPs or sudden configuration changes. If monitoring catches a sensor sending information to an unknown IP address or behaving anomalously in some other way, security teams are more likely to be able to respond to an in-progress attack.
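The inventory and monitoring steps described above can be sketched together. This is an added example, not Asimily's code: it builds a passive inventory from flow records and flags any flow that leaves a per-device allowlist. The MAC addresses, IPs, port 8883 collector and the `ALLOWED` policy are all constructed assumptions.

```python
import csv, io, ipaddress

# Constructed flow records, as a passive collector might export them.
FLOWS_CSV = """ts,src_mac,src_ip,dst_ip,dst_port,bytes
2024-05-01T10:00:00,aa:bb:cc:00:00:01,10.20.0.11,10.20.0.5,8883,412
2024-05-01T10:00:30,aa:bb:cc:00:00:02,10.20.0.12,10.20.0.5,8883,398
2024-05-01T10:01:00,aa:bb:cc:00:00:01,10.20.0.11,10.20.0.5,8883,405
2024-05-01T10:02:10,aa:bb:cc:00:00:02,10.20.0.12,203.0.113.40,21,88211
2024-05-01T10:03:00,aa:bb:cc:00:00:03,10.20.0.13,10.20.0.5,8883,120
"""
FLOWS = list(csv.DictReader(io.StringIO(FLOWS_CSV)))

# Assumed policy: each known sensor may reach only these (network, port) pairs.
ALLOWED = {
    "aa:bb:cc:00:00:01": [("10.20.0.5/32", 8883)],
    "aa:bb:cc:00:00:02": [("10.20.0.5/32", 8883)],
}

def build_inventory(flows):
    """Passive inventory: one entry per MAC, built only from observed traffic."""
    inv = {}
    for f in flows:  # records are assumed to arrive in time order
        d = inv.setdefault(f["src_mac"], {"ips": set(), "peers": set(), "first_seen": f["ts"]})
        d["ips"].add(f["src_ip"])
        d["peers"].add((f["dst_ip"], int(f["dst_port"])))
        d["last_seen"] = f["ts"]
    return inv

def is_allowed(mac, dst_ip, dst_port, policy):
    addr = ipaddress.ip_address(dst_ip)
    return any(addr in ipaddress.ip_network(net) and dst_port == port for net, port in policy.get(mac, []))

def find_anomalies(flows, policy):
    """Flag flows from unknown devices or to destinations outside the allowlist."""
    alerts = []
    for f in flows:
        mac, port = f["src_mac"], int(f["dst_port"])
        if mac not in policy:
            reason = "device missing from inventory baseline"
        elif not is_allowed(mac, f["dst_ip"], port, policy):
            reason = "destination outside allowlist"
        else:
            continue
        alerts.append((mac, f["dst_ip"], port, reason))
    return alerts

if __name__ == "__main__":
    print(build_inventory(FLOWS))
    print(find_anomalies(FLOWS, ALLOWED))
```

On the constructed data, the second sensor's FTP transfer to an external address and the third, unregistered device are the two flows reported.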

Enhance Detection and Investigation

Cyberattacks can originate from anywhere and from any point of ingress, so it behooves security teams to integrate IoT devices into security monitoring processes. Doing this for every IoT sensor in the network can enhance attack detection and investigation. When security teams receive high-fidelity alerts across an entire network, they can detect and respond to attacks faster. They also make better decisions, which could mitigate the severity of a cyberattack or limit the damage from ransomware.

When organizations employ solutions that can capture network packet data, security analysts obtain important forensic data needed to determine root causes, including:

  • Traffic information from networked devices
  • Data transferred to an FTP server
  • Potential traffic to adversary’s command and control servers

The right data, a complete inventory, and the ability to monitor for behavioral anomalies go a long way toward securing IoT sensors.

How Asimily Helps Defend IoT Sensors 

The Asimily platform is designed expressly with IoT devices in mind. It’s built to monitor traffic to and from IoT sensors and other connected devices in addition to surfacing anomalous behavior that might indicate an attack in progress. 

Asimily provides vulnerability information on high-risk security issues with our proprietary algorithm that digests huge datasets from EPSS (Exploit Prediction Scoring System), Software Bills of Materials (SBOMs), and Common Vulnerabilities and Exposures (CVE) lists using the MITRE ATT&CK Framework. This analysis often results in fast solutions for recent vulnerabilities, enabling customers to deploy new mitigations quickly to reduce risk.

Asimily customers also receive peace of mind from knowing what IoT systems are attached to their networks and which ones need the most defense. With this insight, as well as improved monitoring, Asimily customers can better defend their sensor implementations and the rest of their critical infrastructure. 

To learn more about Asimily, download our IoT Device Security in 2024: The High Cost of Doing Nothing whitepaper or contact us today.
