Over 90% of data transactions on IoT devices are unencrypted

A report from Zscaler reveals some troubling facts about the risks posed by network-connected IoT devices

A new report that looked at millions of connections from Internet of Things devices present on enterprise networks found that over 40 per cent of those devices do not encrypt their traffic.

This means a large number of such devices are exposed to man-in-the-middle (MitM) attacks where hackers in a position to intercept traffic can steal or manipulate their data.

The new report released by network security firm Zscaler is based on telemetry data collected from the company's cloud. It covers over 56 million IoT device transactions from 1,051 enterprise networks over the course of a month.

From the data, Zscaler identified 270 different IoT profiles from 153 device manufacturers.

The devices included IP cameras, smart watches, smart printers, smart TVs, set-top boxes, digital home assistants, IP phones, medical devices, digital video recorders, media players, data collection terminals, digital signage media players, smart glasses, industry control devices, networking devices, 3D printers and even smart cars.

The most common were set-top boxes used for video decoding. These accounted for over 50 per cent of the observed devices and were followed by smart TVs, wearables and printers.

However, it was data collection terminals that generated the largest amount of outbound data transactions -- over 80 per cent.

The biggest finding was that 91.5 per cent of data transactions performed by IoT devices in corporate networks were unencrypted. As far as devices go, 41 per cent did not use Transport Layer Security (TLS) at all, 41 per cent used TLS only for some connections and only 18 per cent used TLS encryption for all traffic.
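The two figures above measure different things: one counts transactions, the other counts devices. As an added example (not from the Zscaler report or this article), the Python code below computes both from a constructed flow log; the CSV layout, the device names and the `tls` column are assumptions.

```python
import csv
import io
from collections import defaultdict

# Constructed sample flow log (not Zscaler data): one row per outbound
# transaction. "tls" is 1 when a TLS handshake was seen on the connection.
SAMPLE_FLOWS = """device,dst_port,tls
settop-01,80,0
settop-01,80,0
settop-01,80,0
terminal-07,8080,0
terminal-07,8080,0
terminal-07,443,1
terminal-07,8080,0
camera-03,443,1
camera-03,443,1
printer-02,9100,0
"""

def load_flows(text):
    """Parse the CSV into (device, used_tls) tuples."""
    reader = csv.DictReader(io.StringIO(text))
    return [(row["device"], row["tls"] == "1") for row in reader]

def classify_devices(flows):
    """Bucket each device as 'none', 'partial' or 'all' by TLS usage."""
    seen = defaultdict(lambda: [0, 0])  # device -> [tls_count, total]
    for device, used_tls in flows:
        seen[device][0] += int(used_tls)
        seen[device][1] += 1
    buckets = {}
    for device, (tls_count, total) in seen.items():
        if tls_count == 0:
            buckets[device] = "none"
        elif tls_count == total:
            buckets[device] = "all"
        else:
            buckets[device] = "partial"
    return buckets

def unencrypted_share(flows):
    """Fraction of transactions (not devices) sent without TLS."""
    if not flows:
        return 0.0
    return sum(1 for _, used_tls in flows if not used_tls) / len(flows)

def review_candidates(buckets):
    """Devices sending some or all traffic in the clear, for segmentation review."""
    return sorted(d for d, b in buckets.items() if b != "all")
```

In the constructed data, a single chatty terminal that uses TLS only some of the time pushes the per-transaction figure well above the per-device one, which is how the two numbers in the report can both hold.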

Devices that don't encrypt their connections are susceptible to various types of MitM attacks.

An attacker who gained access to the local network -- for example through a malware attack -- could use Address Resolution Protocol (ARP) spoofing or could compromise a local router and then intercept IoT traffic to deliver malicious updates or to steal credentials and data sent in plain text.

High use of consumer IoT devices on corporate networks

Deepen Desai, VP of security research and operations at Zscaler, tells CSO that one of the worrying observations was that companies have a large number of consumer-grade IoT devices on their networks.

This highlights the problem of shadow IT, where companies have a hard time controlling what electronic devices their employees connect to the network, from wearables to cars.

Organisations should have a solution in place to constantly scan the network and identify such shadow devices and then create a policy where such devices are only allowed to connect to a separate non-critical network segment, Desai says.

That's because another common problem observed by Zscaler was that most IoT devices are connected to the same network as business-critical applications and systems. If one of the IoT devices is compromised, attackers can then target all other systems.

That actually goes both ways: If an attacker compromises a workstation or employee laptop with malware, they can then potentially gain access to an IoT device on the same network.

While a malware infection on a regular computer is likely to be detected sooner or later, an IoT compromise is much harder to discover, giving attackers a stealthy backdoor into the network.

According to Desai, Zscaler has seen some cases where enterprise IoT devices were exposed directly to the internet, such as surveillance cameras, but the numbers are very low compared to the overall number of IoT devices present inside corporate networks.

Devices connected directly to the internet are certainly at higher risk of being attacked, but those inside local networks would not be difficult to compromise, either.

While analysing IoT malware infections, Zscaler observed many devices with weak or default credentials, or which had known security flaws. That's because many IoT devices don't have automatic updates and their users rarely check and deploy updates manually.

The Zscaler researchers also observed that many of them use outdated libraries with known vulnerabilities.

The company detects an average of 6,000 IoT transactions per quarter that are the result of malware infections. The most common malware families that target such devices are Mirai, Rift, Gafgyt, Bushido, Hakai and Muhstik.

These botnets typically spread by brute-forcing login credentials or by exploiting known vulnerabilities in their management frameworks.

"The rapid adoption of these IoT devices has opened up new attack vectors for cyber-criminals," Desai says. "IoT technology has moved more quickly than the mechanisms available to safeguard these devices and their users.

"The fact is that there has been almost no security built into most of the consumer grade IoT hardware devices that have flooded the market in recent years, and some of these devices are also found in the enterprise networks."

