Description
Book SynopsisIoT Security Issues looks at the burgeoning growth of devices of all kinds controlled over the Internet of all varieties, where product comes first and security second. In this case, security trails badly. This book examines the issues surrounding these problems, vulnerabilities, what can be done to solve the problem, investigating the stack for the roots of the problems and how programming and attention to good security practice can combat the problems today that are a result of lax security processes on the Internet of Things. This book is for people interested in understanding the vulnerabilities on the Internet of Things, such as programmers who have not yet been focusing on the IoT, security professionals and a wide array of interested hackers and makers. This book assumes little experience or knowledge of the Internet of Things. To fully appreciate the book, limited programming background would be helpful for some of the chapters later in the book, though the basic content is e
Table of Contents Introduction | 1
Part I: Making Sense of the Hype
Chapter 1 – The Consumer Internet of Things | 5
A Wave of Technology, or a Wave of Hype | 5
IoT Skeptics and the Role of Security Issues | 6
The Internet of No-thing | 7
Where are these IoT devices? | 8
Why the ambiguity in IoT uptake? | 9
The Media and Marketing Hype | 9
Lack of Killer Applications | 11
There be Monsters | 11
Buying Secure IoT Devices? | 12
Making Things That Just Work | 16
Is this a consumer Internet of things? | 16
Skepticism, but the future looks bright | 17
Consumer Trust – or Lack of It | 19
Losing Control? | 19
Toys for the Rich | 21
IoT isn’t DIY | 22
Is Security a Major Inhibitor? | 23
Part II: Security
Chapter 2 – It’s Not Just About the Future | 27
Looking back to move forward | 27
Security by Design | 29
Data Mobile Networks | 30
A Confluence of New Technologies | 32
Basic Security Practices | 34
Chapter 3 – Flawed, Insecure Devices | 35
Why are so many insecure devices on the market? | 35
A Manufacturer’s Perspective | 35
The Device Production Cycle | 36
Software development in an agile market | 37
Clash of Cultures | 37
Developers and the Security Puzzle | 38
Reputational loss | 40
Chapter 4 – Securing the Unidentified | 43
The Scale of the Problem | 44
What Type of Devices to Secure? | 44
Unplanned Change | 44
The Consumer’s View on Security | 45
Chapter 5 – Consumer Convenience Trumps Security | 49
Plug n’ Pray | 49
Easy install – no truck rolls | 51
Convenient but insecure | 51
Many home networks are insecure? | 53
Customer Ignorance | 53
Chapter 6 – Startups Driving the IoT | 55
Installing IoT Devices | 56
Security knowledge is lacking | 56
Chapter 7 – Cyber-Security and the Customer Experience | 57
Pushing Security onto the Consumer | 58
Industry regulations and standards – where are they? | 58
The home ecosystem | 59
Security negativity | 60
Security Anomalies | 61
What device can be trusted | 61
Chapter 8 – Security Requirements for the IoT | 65
Why security issues arise | 65
Security and product confidence | 66
Me-too manufacturing | 66
Cutting development costs | 67
Security is not an extra | 67
Loss of product trust | 68
Designing appropriate security | 69
Chapter 9 – Re-engineering the IoT | 71
Comparing Apples and Oranges | 73
The Bluetooth lock saga | 74
Device vulnerabilities and flaws | 75
Flawed firmware | 76
Code re-use | 76
The issue with open source | 77
Chapter 10 – IoT Production, Security and Strength | 79
Manufacturing IoT Devices | 80
ODM design | 81
The tale of the Wi-Fi Kettle | 83
Push Vs. pull marketing | 83
Chapter 11 – Wearable’s – A New Developer’s Headache | 85
IoT by stealth | 87
The consumer IoT conundrum | 90
Designing in Vulnerabilities | 91
Passwords are the problem | 93
Why are cookies important? | 94
Chapter 12 – New Surface Threats | 97
Hacking IoT Firmware | 97
Part III: Architecting the Secure IoT
Chapter 13 – Designing the Secure IoT | 107
IoT from an Architect’s View-Point | 109
Modeling the IoT | 109
IoT communication patterns | 111
First IoT design principles | 113
Chapter 14 – Secure IoT Architecture Patterns | 117
Event and data processing | 118
Chapter 15 – Threat Models | 121
What are threat models? | 121
Designing a threat model | 122
6 steps to threat modeling | 122
Advanced IoT threats | 124
Devices | 124
Networks | 125
Infrastructure | 127
Interfaces | 127
Part IV: Defending the IoT
Chapter 16 – Threats, Vulnerabilities and Risks | 131
IoT threats & counter-measures | 131
Chapter 17 – IoT Security Framework | 135
Introduction to the IoT security framework | 135
Chapter 18 – Secure IoT Design | 141
IoT Network Design | 145
IoT protocols | 148
The IoT Stack | 149
Link layer | 150
Adaption layer | 152
IPv6 & IPsec | 154
Routing | 154
Messaging | 157
Chapter 19 – Utilizing IPv6 Security Features | 159
Securing the IoT | 162
Confidentiality | 162
Integrity | 162
Availability | 163
Link layer | 164
Network layer | 164
Transport layer | 165
Network security | 165
Part V: Trust
Chapter 20 – The IoT of Trust | 169
Trust between partners – there isn’t that much about | 170
IBM Vs. Microsoft | 171
Apple vs. Samsung | 171
Uber Vs Crowdsources drivers | 172
Manufacturer and customer trust model | 172
Dubious toys | 173
Kids play | 174
Chapter 21 – It’s All About the Data | 175
Appropriating data | 176
The Data Appropriators | 177
Where is the fair barter? | 178
Trust by design | 179
Chapter 22 – Trusting the Device | 185
Hacking voicemail | 188
Unethical phone hacking | 189
Chapter 23 – Who Can We Trust? | 191
Free is an Earner | 193
Pissing into the Tent | 193
IoT Trust is Essential | 194
The Osram debacle | 194
LIFX’s another Hack? | 195
Balancing Security and Trust | 196
So, Who Can We Trust? | 196
Open Trust Alliance | 197
Part VI: Privacy
Chapter 24 – Personal Private Information (PIP) | 201
Why is the Privacy of our Personal Information Important? | 201
Collecting Private Data | 204
Data is the New Oil, or Is It? | 204
Attacks on data privacy at Internet scale | 205
Young and Carefree | 206
Can we Control our Privacy? | 207
Ad-blockers – They’re Not What They Seem | 207
Google and the dubious ad blockers | 208
Privacy Laws Around the Globe | 208
United States of America | 209
Germany | 210
Russia | 211
China | 211
India | 212
Brazil | 212
Australia | 213
Japan | 213
UK (Under review) | 213
Different Laws in Countries – What Possibly Could Go Wrong | 214
Facebook’s EU Opt-out Scandal | 214
Chapter 25 – The U.S. and EU Data Privacy Shield | 217
When privacy laws collide | 219
Losing a Safe Harbor | 219
After the closure of the Safe Harbor | 220
Model and Standard Contractual Clauses | 220
The new EU – US Privacy Shield | 220
New shield or old failings | 221
Contradictions on privacy | 222
Leveraging the value of data | 224
Part VII: Surveillance, Subterfuge and Sabotage
Chapter 26 – The Panopticon | 229
The good, the bad and the ugly | 229
Home surveillance | 229
Law enforcement – going dark | 231
Dragnet Exploits | 233
The 5-Eyes (FVEY) | 235
PRISM | 237
Mastering the Internet | 241
Project TEMPORA | 241
XKEYSTORE | 243
Windstop | 244
MUSCULAR | 244
INCENSER | 246
Encryption in the IoT | 249
The Snooper’s charter | 251
Nothing to hide nothing to fear | 254
Its only metadata | 255
Index | 257
