IoT Security Issues

Introduction ; Part I: Making Sense of the Hype ; Chapter 1 -- The Consumer Internet of Things ; A Wave of Technology, or a Wave of Hype ; IoT Skeptics and the Role of Security Issues ; The Internet of No-thing ; Where are these IoT devices?;IoT Security Issues looks at the burgeoning growth of devices of all kinds controlled over the Internet of all varieties, where product comes first and security second. In this case, security trails badly. This book examines the issues surrounding these problems, vulnerabilities, what can be done to solve the problem, investigating the stack for the roots of the problems and how programming and attention to good security practice can combat the problems today that are a result of lax security processes on the Internet of Things. This book is for people interested in understanding the vulnerabilities on the Internet of Things, such as programmers who have not yet been focusing on the IoT, security professionals and a wide array of interested hackers and makers. This book assumes little experience or knowledge of the Internet of Things. To fully appreciate the book, limited programming background would be helpful for some of the chapters later in the book, though the basic content is explained. The author, Alasdair Gilchrist, has spent 25 years as a company director in the fields of IT, Data Communications, Mobile Telecoms and latterly Cloud/SDN/NFV technologies, as a professional technician, support manager, network and security architect. He has project-managed both agile SDLC software development as well as technical network architecture design. He has experience in the deployment and integration of systems in enterprise, cloud, fixed/mobile telecoms, and service provider networks. He is therefore knowledgeable in a wide range of technologies and has written a number of books in related fields. Contents Introduction Part I: Making Sense of the Hype Chapter 1 – The Consumer Internet of Things A Wave of Technology, or a Wave of Hype IoT Skeptics and the Role of Security Issues The Internet of No-thing Where are these IoT devices? Why the ambiguity in IoT uptake? The Media and Marketing Hype Lack of Killer Applications There be Monsters Buying Secure IoT Devices? Making Things That Just Work Is this a consumer Internet of things? Skepticism, but the future looks bright Consumer Trust – or Lack of It Losing Control? Toys for the Rich IoT isn’t DIY Is Security a Major Inhibitor? Part II: Security Chapter 2 – It’s Not Just About the Future Looking back to move forward Security by Design Data Mobile Networks A Confluence of New Technologies Basic Security Practices Chapter 3 – Flawed, Insecure Devices Why are so many insecure devices on the market? A Manufacturer’s Perspective The Device Production Cycle Software development in an agile market Clash of Cultures Developers and the Security Puzzle Reputational loss Chapter 4 – Securing the Unidentified The Scale of the Problem What Type of Devices to Secure? Unplanned Change The Consumer’s View on Security Chapter 5 – Consumer Convenience Trumps Security Plug n’ Pray Easy install – no truck rolls Convenient but insecure Many home networks are insecure? Customer Ignorance Chapter 6 – Startups Driving the IoT Installing IoT Devices Security knowledge is lacking Chapter 7 – Cyber-Security and the Customer Experience Pushing Security onto the Consumer Industry regulations and standards – where are they? The home ecosystem Security negativity Security Anomalies What device can be trusted Chapter 8 – Security Requirements for the IoT Why security issues arise Security and product confidence Me-too manufacturing Cutting development costs Security is not an extra Loss of product trust Designing appropriate security Chapter 9 – Re-engineering the IoT Comparing Apples and Oranges The Bluetooth lock saga Device vulnerabilities and flaws Flawed firmware Code re-use The issue with open source Chapter 10 – IoT Production, Security and Strength Manufacturing IoT Devices ODM design The tale of the Wi-Fi Kettle Push Vs. pull marketing Chapter 11 – Wearable’s – A New Developer’s Headache IoT by stealth The consumer IoT conundrum Designing in Vulnerabilities Passwords are the problem Why are cookies important? Chapter 12 – New Surface Threats Hacking IoT Firmware Part III: Architecting the Secure IoT Chapter 13 – Designing the Secure IoT IoT from an Architect’s View-Point Modeling the IoT IoT communication patterns First IoT design principles Chapter 14 – Secure IoT Architecture Patterns Event and data processing Chapter 15 – Threat Models What are threat models? Designing a threat model 6 steps to threat modeling Advanced IoT threats Devices Networks Infrastructure Interfaces Part IV: Defending the IoT Chapter 16 – Threats, Vulnerabilities and Risks IoT threats & counter-measures Chapter 17 – IoT Security Framework Introduction to the IoT security framework Chapter 18 – Secure IoT Design IoT Network Design IoT protocols The IoT Stack Link layer Adaption layer IPv6 & IPsec Routing Messaging Chapter 19 – Utilizing IPv6 Security Features Securing the IoT Confidentiality Integrity Availability Link layer Network layer Transport layer Network security Part V: Trust Chapter 20 – The IoT of Trust Trust between partners – there isn’t that much about IBM Vs. Microsoft Apple vs. Samsung Uber Vs Crowdsources drivers Manufacturer and customer trust model Dubious toys Kids play Chapter 21 – It’s All About the Data Appropriating data The Data Appropriators Where is the fair barter? Trust by design Chapter 22 – Trusting the Device Hacking voicemail Unethical phone hacking Chapter 23 – Who Can We Trust? Free is an Earner Pissing into the Tent IoT Trust is Essential The Osram debacle LIFX’s another Hack? Balancing Security and Trust So, Who Can We Trust? Open Trust Alliance Part VI: Privacy Chapter 24 – Personal Private Information (PIP) Why is the Privacy of our Personal Information Important? Collecting Private Data Data is the New Oil, or Is It? Attacks on data privacy at Internet scale Young and Carefree Can we Control our Privacy? Ad-blockers – They’re Not What They Seem Google and the dubious ad blockers Privacy Laws Around the Globe United States of America Germany Russia China India Brazil Australia Japan UK (Under review) Different Laws in Countries – What Possibly Could Go Wrong Facebook’s EU Opt-out Scandal Chapter 25 – The U.S. and EU Data Privacy Shield When privacy laws collide Losing a Safe Harbor After the closure of the Safe Harbor Model and Standard Contractual Clauses The new EU – US Privacy Shield New shield or old failings Contradictions on privacy Leveraging the value of data Part VII: Surveillance, Subterfuge and Sabotage Chapter 26 – The Panopticon The good, the bad and the ugly Home surveillance Law enforcement – going dark Dragnet Exploits The 5-Eyes (FVEY) PRISM Mastering the Internet Project TEMPORA XKEYSTORE Windstop MUSCULAR INCENSER Encryption in the IoT The Snooper’s charter Nothing to hide nothing to fear Its only metadata Index

IoT Security Issues looks at the burgeoning growth of devices of all kinds controlled over the Internet of all varieties, where product comes first and security second. In this case, security trails badly. This book examines the issues surrounding these problems, vulnerabilities, what can be done to solve the problem, investigating the stack for the roots of the problems and how programming and attention to good security practice can combat the problems today that are a result of lax security processes on the Internet of Things.

This book is for people interested in understanding the vulnerabilities on the Internet of Things, such as programmers who have not yet been focusing on the IoT, security professionals and a wide array of interested hackers and makers. This book assumes little experience or knowledge of the Internet of Things. To fully appreciate the book, limited programming background would be helpful for some of the chapters later in the book, though the basic content is explained.

The author, Alasdair Gilchrist, has spent 25 years as a company director in the fields of IT, Data Communications, Mobile Telecoms and latterly Cloud/SDN/NFV technologies, as a professional technician, support manager, network and security architect. He has project-managed both agile SDLC software development as well as technical network architecture design. He has experience in the deployment and integration of systems in enterprise, cloud, fixed/mobile telecoms, and service provider networks. He is therefore knowledgeable in a wide range of technologies and has written a number of books in related fields.

"IoT security issues looks at the burgeoning growth of devices of all kinds controlled over the Internet of all varieties, where product comes first and security second. In this case, security trails badly. This book examines the issues surrounding these problems, vulnerabilities, what can be done to solve the problem, investigating the stack for the roots of the problems and how programming and attention to good security practice can combat the problems today that are a result of lax security processes on the Internet of Things. This book is for people interested in understanding the vulnerabilities on the Internet of Things, such as programmers who have not yet been focusing on the IoT, security professionals and a wide array of interested hackers and makers. This book assumes little experience or knowledge of the Internet of Things. To fully appreciate the book, limited programming background would be helpful for some of the chapters later in the book, though the basic content is explained. The author, Alasdair Gilchrist, has spent 25 years as a company director in the fields of IT, Data Communications, Mobile Telecoms and latterly Cloud/SDN/NFV technologies, as a professional technician, support manager, network and security architect. He has project-managed both agile SDLC software development as well as technical network architecture design. He has experience in the deployment and integration of systems in enterprise, cloud, fixed/mobile telecoms, and service provider networks. He is therefore knowledgeable in a wide range of technologies and has written a number of books in related fields"--Back cover IoT Security Issues explores the multitude of devices controlled by the Internet, where product comes first and security second—or in some cases, last. Readers will investigate the stack to find the roots of their problems and see how good programming can combat issues stemming from lax security processes on the Internet of Things.