Iot attacks and their prevention

Download 176.97 Kb.
Hajmi176.97 Kb.
xudo xoxlasa tushadi99%, 3-labarotoriya ishi Saralash usul va algoritmlarini tadqiq qilis, cmd buyruqlari, Incremental model nima, 1matematik, word sAM 1 savol, Документ Microsoft Word (4), Ma\'ruzalar (2), ЛАБОРАТОРНАЯ РАБОТА N1, Dasturlash 2, Ariza, Qalandarova Gulshoda, 1648631455, 1650692784, 1651669892 (2)

Chunayev Norquvvat Eshquvat o‘g‘li,
Information Security Tashkent University of Information
Technologies named after Muhammad al-Khwarizmi
Tashkent, Uzbekistan

Abstract - Internet of Things (IoT) is the buzz word in today’s developing world. IoT devices are used in a multiple fields whether it is the industry, agriculture, defense, weather forecasting, or home automation. As IoT is spreading at an immense rate in various fields, the main concern is how reliable the security is? The data can be compromised as the devices are vulnerable to attackers/hackers. This can also compromise privacy and security. This article discusses IOT attacks and their prevention steps.
Keywords: IoT, IoT attacks, prevent IoT attacks.


The IoT concept was first introduced in 1990. IoT devices are interconnected with the help of the Internet, thus making them capable of interacting between the physical worlds (IoT device) and computing. Basically, this network paradigm is being called the Internet of Things (IoT) and there are many ways to define the IoT world. For example, smart devices that are connected to the Internet fall under the IoT category. IEEE describes IoT to be networks consisting of sensors and smart objects. The purpose is to interconnect “all” things, including everyday gadgets and industrial objects, in a way that makes them more intelligent, programmable, and more capable of interacting with humans [1].

Fig. 1 Internet of Things

Technological advances allow us to wirelessly connect any of our smart devices to the internet or through a port. These devices include our smart TV, watch, lights, temperature, and so on. The automation of our devices is done using the Internet of Things technology.
IoT devices usually come with embedded sensors and various other technologies that allow them to collect data from the physical environment and pass it to the base station, where people monitor the situation and perform actions accordingly.
IoT attacks
IoT devices are manufactured to fulfill the general needs of an organization; therefore, they lack strict security protocols. Attackers have been using this advantage to break into the system of an organization through any of the weak IoT devices.
IoT attacks are cyber-attacks that gain access to users' sensitive data with the help of any IoT device. Attackers usually install malware on the device, harm the device, or gain access to further personal data of the company.
For instance, an attacker may gain access to an organization's temperature control system through a security loophole in any IoT device. He can then influence the temperature of the rooms connected to the appropriate device.
As discussed, IoT devices are not built with proper security protocols. Hence, they are one of an organization's weakest links and pose a huge security threat. Following are the attacking zones where the attacks originate and compromise sensitive data:
Various parts of a device raise security threats for an organization, such as the memory, firmware, web interface, physical interface, and networking service of a device. Attackers can take advantage of these and initiate an IoT attack by finding a loophole in the device, such as an outdated component.
Channels that connect IoT devices to one another need to be secured; otherwise, an IoT attack can be easily initiated.
Applications and software connected to IoT devices also pose a threat to the security of the system. It is easy to access the IoT device by compromising the application or the software of the device.


Some of the most common IoT attacks have been listed below:
Physical tampering: Hackers can access the physical location of the devices and easily steal data from them. In addition, they can install malware on the device or break into the network by accessing the ports and inner circuits of the device.
Eavesdropping: The attacker can use a weak connection between the server and an IoT device. They can intercept the network traffic and gain access to sensitive data. Using an eavesdropping attack, the intruder can also spy on your conversations using the data of the microphone and camera IoT device.
Brute-force password attacks: Cybercriminals can break into your system by trying different combinations of common words to crack the password. Since IoT devices are made without security concerns in mind, they have the simplest password to crack.[2]
Privilege escalation: Attackers can gain access to an IoT device by exploiting vulnerabilities, such as an operating system oversight, unpatched vulnerabilities, or a bug in the device. They can break into the system and crawl up to the admin level by further exploiting vulnerabilities and gaining access to the data that can be helpful for them.
DDoS: Zombified IoT devices and botnets have made DDoS attacks easier than before. It is when a device is made unavailable to the user due to an immense traffic flow.
Man-in-the-middle attack: By exploiting insecure networks, cybercriminals can access the confidential data being passed by the device to the server. The attacker can modify these packets to disrupt communication.
Malicious code injection: Cybercriminals can exploit an input validation flaw and add malicious code to that place. The application can run the code and make unwanted changes to the program.

Fig.2 Types of IoT attacks

IoT devices are manufactured to perform basic organizational tasks. However, the organization implementing and incorporating these devices into their networks should be highly cautious of their security. Following measures can be taken to ensure device security:

  • Have strong passwords for all IoT devices. Regularly change and update them.

  • Configure the users and give access to the essential users only.

  • Enable a two-factor authentication method to prevent any unauthorized access.

  • Back up data regularly to a secondary device.

  • Encrypt data between the IoT devices and the server.

  • Place the device in a safe location to prevent any unauthorized access. We should not leave it unguarded.

  • Give users limited data and device access, as per their requirements, to ensure data confidentiality.

  • Regularly update software, application, and your operating system so that attackers cannot find a gap in your devices.

  • Schedule regular security audits to discover any potential loopholes that can compromise security.

  • Configure and detect all the devices, as well as the users connected to the devices. This ensures that the data is accounted for and prevents unwanted traffic.

  • Companies should have recovery procedures and policies that can be immediately implemented if any device is compromised.


  1. Folk, C., Hurley, D. C., and Payne, J. F. X., “The security implications of the Internet of Things,” AFCEA International Cyber Committee, Cyber City, 2015

3. Niruntasukrat, A., Issariyapat, C., Pongpaibool, P., Meesublak, K., Aiumsupucgul, P., and Panya, A., “Authorization mechanism for MQTT-based Internet of Things,” 2016 IEEE International Conference on Communications Workshops, Korea, pp. 290–295, 2016.
4. Seralathan, Y., Oh, T. T., Jadhav, S., Myers, J., Jeong, J. P., Kim, Y. H., and Kim, J. N., “IoT security vulnerability: a case study of a web camera,” 2018 International Conference on Advanced Communications Technology, Chuncheon-si Gangwon-do, 2018.
Download 176.97 Kb.

Download 176.97 Kb.

Bosh sahifa

    Bosh sahifa

Iot attacks and their prevention

Download 176.97 Kb.