More than 200 billion IoT devices will be connected by the end of 2020, according to Intel. The risks associated with IoT technologies are increasing due to the fact that they are often components with security gaps. Most IoT devices do not have built-in update systems, so vulnerabilities in these devices cannot be easily resolved.

We talked to Edgar Salazar, cybersecurity specialist and co-founder of Guayoyo, to learn more about what we are facing and how we can deal with this problem.

********

«Cyber attackers are looking for the easiest way to access our homes and businesses with the intention of stealing our data, hijacking our information or systems, interfering with our processes or damaging our reputation and thus trying to make a financial gain. IoT technology opens a way for them to gain remote access through vulnerabilities located in these technologies,» Edgar explains.

In June of this year, a set of vulnerabilities called Ripple 20 was identified. It corresponds to 19 vulnerabilities that reside in a component used in multiple IoT devices.

Ripple20 reached critical IoT devices from different industries and involving a diverse group of vendors. Affected vendors range from SMEs to multinational Fortune 500 corporations, including HP, Schneider Electric, Intel, Rockwell Automation, Caterpillar, Baxter.

Howler Monkey as a warning system for new vulnerabilities

Guayoyo developed HowlerMonkey (https://www.howlermonkey.io/) so that its customers can receive alerts of vulnerabilities that arise daily and that may affect their technologies, including IoT technologies. This allows them to take proactive actions and minimize risks.

«Many times companies invest a lot of money in securing their network perimeter, they do security exercises to understand what their risks are but, on the other hand, they keep adding emerging technologies that can then represent a problem if these are not taken into account within the umbrella of the cybersecurity team. Making all the investment made somehow look like it wasn’t worth it,» adds Edgar.

When a company adopts new technologies, it is also adopting new risks. These must be evaluated to understand the impact, possible consequences and possible controls to minimize these risks.

IoT technologies are starting to be used in many industries and sectors such as healthcare, industry, transportation, energy (oil/gas), telecommunications, retail and other industries. Exploitation of these vulnerabilities by cyber attackers can even put people’s lives at risk.

Success story. Synergy between Guayoyo and Dronfies.

This year Guayoyoyo was working together with Dronfies (a Pyxis ecosystem company that specializes in developing software and technology for drones) in the vulnerability analysis of its PortableUTM product (https://portableutm.com/). It consists of an unmanned traffic management system based on open source.

«This will undoubtedly open doors for us to perform security tests on emerging technologies, both in IoT applied to different industries or, as in this case, Flying IoT for unmanned spacecraft,» says Edgar.

Articles of interest:

https://healthitsecurity.com/news/cybersecurity-in-2020-iot-medical-devices-ransomware-legacy-os
https://www.cshub.com/iot/news/industrial-iot-concerns-worsen-as-more-devices-connect-to-the-web