Did you know that the standard router used in homes and by thousands of small businesses is the most frequently attacked IoT device? James Willison, Project and Engagement Manager, IoT Security Foundation, explores the issue and reveals an ongoing Foundation initiative designed to better secure devices.
Few of us realize that our Internet connection relies on the strength of our router’s security. Much of what we depend on in our modern lives enters our homes and businesses through this box near the front door. We pay attention to our front door and try to make sure it’s locked and locked, but what about that box provided by the broadband provider?
Well, I’m sorry to warn you that this is the most targeted IoT device – if an attacker can control it, then it’s really over for the rest of your home and small business. Software company Symantec reported that 75% of all IoT attacks involve infected routers, with 15% against webcams, which also concerns some of us! Of course, everything goes through the trust box at the front door.
So, although your home is built on solid ground and the physical foundation is strong, the internet connection is unlikely to be as strong as you think. There are people coming into your house and you have opened the door to them. In the lyrics of the song, “Who are you? I really want to know!”
Our problem is that we don’t regularly ask this question about our networks because we assume our broadband provider handles it for us. While they of course take care of security at various levels, there are many things on our networks that are simply not secure that we should be concerned about.
I have been aware of IoT security issues in home, small business and enterprise for quite some time as I have worked closely with my good friend and colleague Sarb Sembhi for many years. It was when I met Dr. Nick Allott in November 2018 that I became more aware of the seriousness of the problem, as he explained to me that most of the home routers we use today are not secure. and that the devices they manage have little or no security. That is. Not to mention other complications like wireless extenders, smart speakers, and apps on your network to add to the mix.
Join the project to help protect home networks
The good news is that for over two years Nick’s company, NQuiring minds, has led an Innovate UK consortium of partners including the University of Oxford’s Cybersecurity Center, CISCO, the IOT Security Foundation and recently BT to develop a range of solutions to improve the situation. . The project is called “manysecured” and its goals are to detect and protect against IoT vulnerabilities on the router and the network. It is a true international collaboration based on open source software and has attracted interest from NIST and the US government, CISA. I had the privilege of joining the project in March this year, and we seek to involve other professional stakeholders such as IoT manufacturers and security professionals.
I am confident that given the collaborative nature of the various solutions that make up the many secure projects, the prototype will be launched at the IoT Security Foundation conference on October 5th.
Essentially, there are five functions within the Project Special Interest Group.
- The first produced a set of requirements for ISPs to ensure best practices for the router itself.
- The second offered a secure user internet browser that will help you when connecting and configuring your router
- The third seeks to identify devices on your network. This includes describing what they are. We are looking for IoT manufacturers to help us with this task. Many of our readers have actively sought to develop the cybersecurity of physical security devices and systems and so we invite you to join us in making sure we get it right.
- The fourth solution monitors security events and triggers alerts for the hub
- The fifth controls threats
More importantly, all of these processes are interoperable, so the home network is protected. It aims to address the principles of secure boot, storage and secure processing. The place of AI is important because of the volume of data and the difficulty of knowing who and what is on your network. Therefore, concepts such as “zero trust”, which Nick helpfully defined as “continuous multi-factor verification”, are fundamental. Likewise, “cognitive security,” which he summarizes as “AI based on human thought patterns to protect physical and digital devices and systems,” is a cornerstone of the project.
As security convergence is a response to IoT risks, we all need to improve the security of supply chain and enterprise physical devices and systems. If we can get the router, the front end of so many of our homes and small businesses, and therefore 90% of the environment, back to a better state than it is now, we’ll be well on our way to rebuilding that wall. which at the moment has a huge hole in it.
As JRR Tolkien wrote in The Lord of the Rings – “A gaping hole has been dug in the wall. A multitude of dark shapes poured in. The response required an alliance of several large armies for victory to be achieved. The same is needed today if we want to secure our Internet gateways and devices.
Subscribe to the weekly IFSEC Global newsletter
Enjoy the latest fire and safety news, updates and expert opinion delivered straight to your inbox with IFSEC Global’s essential weekly newsletter. Subscribe today to ensure you’re never left behind by the rapidly changing industry landscape.