Connected watches, smart headphones, voice assistants… Connected objects are now part of our daily lives, even at work. According to Palo Alto Networks, 98% of the traffic of connected objects is unencrypted, and 57% of them contain security vulnerabilities that carry a risk of remote control. Faced with these vulnerabilities, solutions exist that allow the designers of these objects to protect them better.
When talking about the Internet of Things (IoT), objects are often connected to the Internet and to at least one server. So the risks of attack are manifold… Here are some illustrations, each with its associated solution.
The attacker intercepts data sent by employees
Personal data of employees or collaborators such as postal address, phone number or worse, bank identifiers and passwords can be used by malicious persons.
The solution is end-to-end encryption of transmitted data. This involves integrating algorithms that make the sent message unreadable to anyone who intercepts it. The other method is the ability to securely identify the sender, and thus avoid reading content that an attacker might send while trying to pass as the true sender of the message. This is free and widely available. To implement this type of security, every programming language has encryption libraries. We can mention:
This process is a prerequisite in the development of connected objects.
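The sender-identification half of the solution above, as an added example that is not part of the original article: a device accepts a command only if it carries a valid HMAC-SHA256 tag computed with a key it shares with the server, and a counter rejects replayed messages. The key, frame layout, command strings and function names are assumptions chosen for illustration; the article does not name an algorithm, and encryption of the payload is not shown here.

```python
import hashlib
import hmac
import struct

DEVICE_KEY = bytes(range(32))  # constructed demo key; a real device keeps a per-device secret
TAG_LEN = 32                   # size of an HMAC-SHA256 tag in bytes

def sign_command(key: bytes, counter: int, command: bytes) -> bytes:
    """Server side: frame = 8-byte big-endian counter || command || tag."""
    body = struct.pack(">Q", counter) + command
    return body + hmac.new(key, body, hashlib.sha256).digest()

class Device:
    """Hypothetical connected object that only obeys authenticated, fresh commands."""

    def __init__(self, key: bytes):
        self._key = key
        self._last_counter = 0  # highest counter accepted so far

    def receive(self, frame: bytes):
        """Return the command if the frame is authentic and fresh, else None."""
        if len(frame) < 8 + TAG_LEN:
            return None  # too short to hold a counter and a tag
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self._key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return None  # wrong key or altered content: not the true sender
        (counter,) = struct.unpack(">Q", body[:8])
        if counter <= self._last_counter:
            return None  # a captured frame sent again
        self._last_counter = counter
        return body[8:]

def demo() -> dict:
    device = Device(DEVICE_KEY)
    genuine = sign_command(DEVICE_KEY, 1, b"unlock_door")
    wrong_key = sign_command(b"not-the-device-key", 2, b"unlock_door")
    altered = bytearray(sign_command(DEVICE_KEY, 3, b"camera_off"))
    altered[8] ^= 0x01  # flip one bit of the command after signing
    return {
        "genuine": device.receive(genuine),
        "replayed": device.receive(genuine),
        "wrong_key": device.receive(wrong_key),
        "altered": device.receive(bytes(altered)),
    }

if __name__ == "__main__":
    print(demo())
```

Only the first frame is acted on; the replayed, wrongly keyed and altered frames are all dropped before the command is ever interpreted.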
Also, you can use a secure HTTPS connection with the server. This must be done systematically. The procedure to follow is very simple and well documented. On the Google Developer website, a Chrome engineer explains the step-by-step process for activating the HTTPS protocol on a server. Concretely, this amounts to creating a private key and a public key, which allows any user to verify that the server they are connecting to is the server they think it is, and not the server of an attacker who could retrieve sensitive data.
An attacker impersonates a server and responds in its place to take control of an object
The attacker can then control the company’s video surveillance camera to spy on employees and customers, unlock your connected lock to enter the company, or simply send audio to the connected speakers.
The solution is to set up a certificate system to verify that the server you are talking to is the one you expect. It is a bit like the ID card that we provide to prove that we are actually the person withdrawing money from the bank, for example. OpenSSL is an open source tool, that is to say free to use (any developer can use it or contribute to it freely and at no cost). It allows certificates to be created on the fly. For companies, obtaining a certificate recognized by a Certification Authority is essential to be credible in the eyes of their customers. A Certification Authority (CA) is a trusted third party that verifies the authenticity of your certificate, and thus your digital identity as a company. Reference certification authorities include: Google, Cloudflare, Comodo, Digicert. However, this certificate can always be stolen, but here the problem becomes human: who distributed the private key of the certificate?
Protect from attacks by training employees
In most cases of corporate hacking, the fault is human (password left on the table, lost access badge, inattention to strangers in offices, etc.). In the Internet of Things, the scenario is identical. By default, the information systems used are secure (Internet box, computer, bank card, connected watch, connected hard disk, connected lock, etc.). However, precautions must be taken against careless habits: not putting a password on your cell phone, leaving it somewhere within reach of everyone in the company, or even opening your device’s internet ports… Even if this seems obvious at times, it is not obvious to everyone, especially to newcomers to the company who are discovering, for some, their first professional experience and, overnight, the risks they are taking. Providing information systems security awareness training for employees aims to protect them from the risks of cyberattacks and from a potentially significant loss of money.
So cyber security has become essential for individuals, and even more so for businesses. As a business leader, you can call upon experienced designers who can secure every element connected to your brand. Team training is also a prerequisite for raising awareness of risks and, above all, for instilling the right reactions.
This text is published under the responsibility of its author. Its content does not in any way involve the editorial team at Les Echos Solutions.