Gilchrist | IoT Security Issues | Book | 978-1-5015-1474-6 | sack.de

Book, English, 259 pages, paperback, format (W × H): 155 mm x 230 mm, weight: 411 g

Gilchrist

IoT Security Issues


ISBN: 978-1-5015-1474-6
Publisher: De Gruyter


IoT Security Issues looks at the burgeoning growth of devices of all kinds and varieties controlled over the Internet, where product comes first and security second. In this case, security trails badly. This book examines the issues surrounding these problems and vulnerabilities and what can be done to solve them, investigating the stack for the roots of the problems and showing how programming and attention to good security practice can combat the problems that result today from lax security processes on the Internet of Things.

This book is for people interested in understanding the vulnerabilities on the Internet of Things, such as programmers who have not yet been focusing on the IoT, security professionals and a wide array of interested hackers and makers. It assumes little experience or knowledge of the Internet of Things. To fully appreciate the book, a limited programming background would be helpful for some of the later chapters, though the basic content is explained.

The author, Alasdair Gilchrist, has spent 25 years as a company director in the fields of IT, Data Communications, Mobile Telecoms and latterly Cloud/SDN/NFV technologies, as a professional technician, support manager, network and security architect. He has project-managed both agile SDLC software development as well as technical network architecture design. He has experience in the deployment and integration of systems in enterprise, cloud, fixed/mobile telecoms, and service provider networks. He is therefore knowledgeable in a wide range of technologies and has written a number of books in related fields.



Further information & material


Introduction

Part I: Making Sense of the Hype
Chapter 1 – The Consumer Internet of Things
  A Wave of Technology, or a Wave of Hype
  IoT Skeptics and the Role of Security Issues
  The Internet of No-thing
  Where are these IoT devices?
  Why the ambiguity in IoT uptake?
  The Media and Marketing Hype
  Lack of Killer Applications
  There be Monsters
  Buying Secure IoT Devices?
  Making Things That Just Work
  Is this a consumer Internet of things?
  Skepticism, but the future looks bright
  Consumer Trust – or Lack of It
  Losing Control?
  Toys for the Rich
  IoT isn’t DIY
  Is Security a Major Inhibitor?

Part II: Security
Chapter 2 – It’s Not Just About the Future
  Looking back to move forward
  Security by Design
  Data Mobile Networks
  A Confluence of New Technologies
  Basic Security Practices
Chapter 3 – Flawed, Insecure Devices
  Why are so many insecure devices on the market?
  A Manufacturer’s Perspective
  The Device Production Cycle
  Software development in an agile market
  Clash of Cultures
  Developers and the Security Puzzle
  Reputational loss
Chapter 4 – Securing the Unidentified
  The Scale of the Problem
  What Type of Devices to Secure?
  Unplanned Change
  The Consumer’s View on Security
Chapter 5 – Consumer Convenience Trumps Security
  Plug n’ Pray
  Easy install – no truck rolls
  Convenient but insecure
  Many home networks are insecure?
  Customer Ignorance
Chapter 6 – Startups Driving the IoT
  Installing IoT Devices
  Security knowledge is lacking
Chapter 7 – Cyber-Security and the Customer Experience
  Pushing Security onto the Consumer
  Industry regulations and standards – where are they?
  The home ecosystem
  Security negativity
  Security Anomalies
  What device can be trusted
Chapter 8 – Security Requirements for the IoT
  Why security issues arise
  Security and product confidence
  Me-too manufacturing
  Cutting development costs
  Security is not an extra
  Loss of product trust
  Designing appropriate security
Chapter 9 – Re-engineering the IoT
  Comparing Apples and Oranges
  The Bluetooth lock saga
  Device vulnerabilities and flaws
  Flawed firmware
  Code re-use
  The issue with open source
Chapter 10 – IoT Production, Security and Strength
  Manufacturing IoT Devices
  ODM design
  The tale of the Wi-Fi Kettle
  Push Vs. pull marketing
Chapter 11 – Wearable’s – A New Developer’s Headache
  IoT by stealth
  The consumer IoT conundrum
  Designing in Vulnerabilities
  Passwords are the problem
  Why are cookies important?
Chapter 12 – New Surface Threats
  Hacking IoT Firmware

Part III: Architecting the Secure IoT
Chapter 13 – Designing the Secure IoT
  IoT from an Architect’s View-Point
  Modeling the IoT
  IoT communication patterns
  First IoT design principles
Chapter 14 – Secure IoT Architecture Patterns
  Event and data processing
Chapter 15 – Threat Models
  What are threat models?
  Designing a threat model
  6 steps to threat modeling
  Advanced IoT threats
  Devices
  Networks
  Infrastructure
  Interfaces

Part IV: Defending the IoT
Chapter 16 – Threats, Vulnerabilities and Risks
  IoT threats & counter-measures
Chapter 17 – IoT Security Framework
  Introduction to the IoT security framework
Chapter 18 – Secure IoT Design
  IoT Network Design
  IoT protocols
  The IoT Stack
  Link layer
  Adaption layer
  IPv6 & IPsec
  Routing
  Messaging
Chapter 19 – Utilizing IPv6 Security Features
  Securing the IoT
  Confidentiality
  Integrity
  Availability
  Link layer
  Network layer
  Transport layer
  Network security

Part V: Trust
Chapter 20 – The IoT of Trust
  Trust between partners – there isn’t that much about
  IBM Vs. Microsoft
  Apple vs. Samsung
  Uber Vs Crowdsources drivers
  Manufacturer and customer trust model
  Dubious toys
  Kids play
Chapter 21 – It’s All About the Data
  Appropriating data
  The Data Appropriators
  Where is the fair barter?
  Trust by design
Chapter 22 – Trusting the Device
  Hacking voicemail
  Unethical phone hacking
Chapter 23 – Who Can We Trust?
  Free is an Earner
  Pissing into the Tent
  IoT Trust is Essential
  The Osram debacle
  LIFX’s another Hack?
  Balancing Security and Trust
  So, Who Can We Trust?
  Open Trust Alliance

Part VI: Privacy
Chapter 24 – Personal Private Information (PIP)
  Why is the Privacy of our Personal Information Important?
  Collecting Private Data
  Data is the New Oil, or Is It?
  Attacks on data privacy at Internet scale
  Young and Carefree
  Can we Control our Privacy?
  Ad-blockers – They’re Not What They Seem
  Google and the dubious ad blockers
  Privacy Laws Around the Globe
  United States of America
  Germany
  Russia
  China
  India
  Brazil
  Australia
  Japan
  UK (Under review)
  Different Laws in Countries – What Possibly Could Go Wrong
  Facebook’s EU Opt-out Scandal
Chapter 25 – The U.S. and EU Data Privacy Shield
  When privacy laws collide
  Losing a Safe Harbor
  After the closure of the Safe Harbor
  Model and Standard Contractual Clauses
  The new EU – US Privacy Shield
  New shield or old failings
  Contradictions on privacy
  Leveraging the value of data

Part VII: Surveillance, Subterfuge and Sabotage
Chapter 26 – The Panopticon
  The good, the bad and the ugly
  Home surveillance
  Law enforcement – going dark
  Dragnet Exploits
  The 5-Eyes (FVEY)
  PRISM
  Mastering the Internet
  Project TEMPORA
  XKEYSTORE
  Windstop
  MUSCULAR
  INCENSER
  Encryption in the IoT
  The Snooper’s charter
  Nothing to hide nothing to fear
  Its only metadata

Index


Alasdair Gilchrist has spent 25 years as a company director in the fields of IT, Data Communications, Mobile Telecoms and latterly Cloud/SDN/NFV technologies, as a professional technician, support manager, network and security architect. He has project-managed both agile SDLC software development as well as technical network architecture design. He has experience in the deployment and integration of systems in enterprise, cloud, fixed/mobile telecoms, and service provider networks. He is knowledgeable in a wide range of technologies and has written a number of books in related fields.

