Cyber-Attacks on Internet of Things (IoT) Devices, Attack Vectors, and Remedies: A Position Paper

Abstract

With the upgrade of ICT infrastructure at a rocketed pace, diversification of applications and involvement of the Internet have increased. This evolution has led to the production, development, and implementation of various smart software/hardware solutions in multiple dimensions to make the process faster, smooth, accessible, and inclusive. The story of IoT (Internet of things) is a game-changer in several fields at different levels, starting from an office to home and industries. The term IoT was coined in 1999 by Kevin Ashton, since then it has seen an exponential growth, and now it has become ubiquitous. IoT may be summarized as the group of interrelated/interconnected devices embedded with sensors, software, actuator, and technology over the network for exchanging the data over the Internet without human involvement. Like any other technology, IoT has its pros and cons. In the last decade, cyber criminals have exploited many attack vectors, several of which can be used to exploit and launch attacks on IoT devices too. IoT attacks have increased substantially over the years, and there has been a jump of 900% in such attacks in 2019. Due to various constraints, IoT solutions don’t possess traditional security solutions or mechanisms to identify anomalies. Multiple security issues in IoT devices are persistent because of the limitation of computational power, hardware, and storage. These limitations make IoT devices more prone to cyber-attacks. IoT cyber-attacks are ranging from DDoS, MITM, brute-forcing, eavesdropping, privilege scaling to more sophisticated ransomware attacks and many more. This chapter will discuss multiple cyber-attacks, their mechanisms and TTPs, along with their impact on IoT infrastructure. This will also include security flaws that were exploited and related challenges in a holistic way at a single place. Statistical data leading to trend analysis along with shares of various attack campaigns shall also be highlighted in this study to give the readers more insight. In order to overcome these issues, remedial measures and mitigation policies will also be discussed.