White paper : Security of the Internet of Things

Mis en ligne par : MAURANGES-DALMAYRAC Isabelle

vendredi 21 avril 2017

After appearing with the first smartphones, connected devices have gradually become more widespread: in 2020, there will be between 50 and 80 billion connected objects on the market worldwide, generating a total $8,900 billion of added value, i.e. more than 10% of the gross world product1. This intense race for innovation has been welcomed by both private individuals and professionals who are intending to measure, connect and automate everything in order to create or significantly improve the associated services. But behind this enthusiasm it seems suppliers have often neglected the security of connected devices and their infrastructures in favour of their insatiable appetite for innovation. For whilst connected objects share similarities with the computers we use every day, they undoubtedly share the same habit of exposing a great number of vulnerabilities. The much-publicised flaw which enabled hackers to remotely control a car via its radio system, brought to light the safety risks associated with connected solutions2. The recent hacking demo of a connected thermostat during the DEF CON 20163 is another example of the new types of threats that are most likely to develop. Researchers managed to remotely jeopardise the thermostat and disable it, forcing its owners to pay a ransom to regain access. Such a cyber-attack scenario could happen soon, since in France in 2015 an estimated 400,000 attacks were involved implementing ransomware, cyber-criminals’ new cash cow4. It’s not just about assessing security risks and threats anymore: it’s high time we started thinking, defining and implementing a holistic approach to the security of connected solutions. These past few months, a number of initiatives offering security models, guides and policies for the Internet of Things (IoT) have been undertaken: white papers by GSMA5, ENISA6, ARCEP7, IoT guides by OWASP8, etc. Like in any emerging area, time will see a good, commonly-accepted practice which will help define a common base for the security of connected objects and their ecosystems, as is the case for traditional IT security, of which IoT is becoming a continuously growing extension. By gathering records from connected object security experts, Digital Security’s white paper illustrates its aim: providing an accurate description of the overall security of connected objects. After defining and presenting the IoT ecosystem and giving a comprehensive review of its security, several potential attack scenarios were drawn up to raise awareness in the market. A list of the main technical recommendations to implement in order to improve IoT security is also available. Aside from this necessary awareness, Digital Security started drafting a certification programme for IoT security in order to establish an essential landmark to encourage development of the IoT market in a climate of trust. Thomas Gayet, Director of the CERT-UBIK

Télécharger : 2017_DigitalSecurity ...