Weekly IoT Worries: Insecure Components
The Internet of Things (IoT), along with its related categories such as BioMed and ICS/SCADA, is a sector fraught with security problems. One of the more significant issues most connected devices face is the commonplace use of insecure and outdated components and software libraries. The problem stems specifically from the use of deprecated or insecure software libraries and hardware components, which could lead to the device being compromised.
Connected devices are explicitly designed to be affordable, easy to set up, and even easier to use. This works great when a new device shows up: it can be thrown on a network with little to no setup and begin working. But to accomplish this ease of use, manufacturers have to purposely enable protocols and services that are not strictly necessary and are often vulnerable to attack. This problem was covered in our second week’s Weekly IoT Worries blog, Insecure Network Protocols.
The other prominent design feature of most connected devices is affordability. This means making a functional device for as little material cost as possible. Whether these cost savings are passed along to the consumer is an entirely different matter that this blog will not cover. What this cost-saving does mean for the consumer of these devices is that many are built and shipped with insecure and outdated components – both software and hardware.
The overall security of IoT devices, and of the ecosystem that supports them, may be compromised through vulnerabilities in off-the-shelf third-party software components or deprecated software dependencies. Alternatively, hardware components may originate from uncertain or compromised supply chains. These factors can leave the affected IoT devices vulnerable to known, zero-day, or even patched vulnerabilities.