The paper considers the problems securing of protection of access to IoT-devices and their networks. A study by Microsoft experts, who found that the biggest problems in IoT networks are related to network-level security, was analyzed. The presence of a large number of insufficiently protected devices facilitates DDoS-attacks, in which home devices can be used to attack corporate systems. The main reason for the failure of IoT component manufacturers to implement security features is the high computational costs that reduce the service life of device batteries. HPE (Hewlett Packard Enterprise) experts recommend paying attention to both device owner issues and developer issues, and provide some tips on setting up IoT devices. HPE experts have identified about 25 different vulnerabilities in each of the studied devices (TVs, door locks, household scales, home security systems, electrical outlets, etc.) and their mobile and cloud components, compiled a list of major vulnerabilities and made a disappointing conclusion: a safe ecosystem IoT does not exist today. The statistics of attacks on IoT devices recorded during the last 2 years with the help of honeypots, collected by Kaspersky Lab specialists, are considered. It turned out that the number of attacks increases with the number of IP addresses. A list has been compiled of the countries with the highest number of attempted attacks. The largest number of attacks came from China and Brazil. The list of threats provided by Trend Micro is considered. The most common attack technologies, which can cause significant damage, are analyzed. Such technologies include: amplification, change of route information, selective mailing, bottomless funnel Sinkhole Attack, shamanic attack Sybil attack, wormhole attack Wormhole attack, flood attack HELLO flood attack. The list of basic recommendations for security in the IoT system is presented, namely: password protection, use of separate networks, refusal of automatic connection to the network. Keywords: Internet of Things (IoT), industrial devices of the Internet of Things (IIoT), inter-machine interaction (M2M), smart home, smart city, information security (IS), DDoS-attack.
Read full abstract