Moreover, he explained that the ban on weak passwords can have a “collateral
effect” on users who frequently reuse identical passwords simply because they fear forgetting
them, without understanding that this practice leaves their IoT devices prone to cyberthreats.
Although the law does not force users to use more passwords, it is expected that they
may consider doing so as an alternative.
Amit Sethi, a senior consultant from Synopsys, was uncertain about the law’s impact, as he is
not confident that the law can add a greater degree of cybersecurity to IoT devices. He said:
Another issue is that the password uniqueness requirement only appears to apply to connected
devices that are “equipped with a means for authentication outside a local area network,” Sethi
said. “This assumes that connected devices are deployed in completely trusted local area
networks, this is rarely the case in real life.”
OWASP
According to OWASP’s top 10 Internet of Things vulnerabilities, the use of secure passwords is
the first line of defense against cybercriminals. The popular online community cited “easily
guessable” or weak passwords as the most serious risk to IoT devices, particularly
consumer-oriented ones. These consumer devices include fitness trackers, smart speakers, and
other IoT devices that are used at home.
Daniel Miessler, the project lead of the OWASP research team, said that it was quite easy
to list weak passwords as the number one cyber risk, as it was done with the agreement of all
of his team members. He explained that they found that weak credentials often lead to remote
cyberattacks. He highlighted their impact and probability as the major factors that made it such
an obvious choice. It is important to note that this conclusion was reached by an international
team of 16 security researchers, establishing weak passwords as a uniform, global threat.
Miessler cautioned users that they have to be more responsible and vigilant.
He explained that consumers should understand the cybersecurity dynamics around IoT devices
when purchasing and installing them. While this may be a burden on them, he recommends
that, for the time being, they know what threats their devices face and how
to respond to them in a crisis.
Moreover, he recommended using secure passwords for Internet of Things
applications and devices and strictly advised against the use of default passwords.
Furthermore, he stressed that users should always update their IoT applications and devices
and make sure that the home network is isolated from the IoT systems via either a router or a
firewall.
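The password advice above (no default passwords, no easily guessable ones, and a unique password per device) can be checked over a device inventory before deployment. The following Python code is an added example, not part of the original text; the inventory, the weak-password list, the 12-character minimum, and all function and field names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from collections import defaultdict

# Constructed list of default / easily guessable passwords (illustrative only).
WEAK_PASSWORDS = {"admin", "password", "12345", "123456", "root", "default", "guest"}
MIN_LENGTH = 12                      # assumed policy threshold, not from the text
_RUN_KEY = secrets.token_bytes(32)   # per-run key: digests are useless after the audit


def fingerprint(password):
    """Keyed digest so passwords can be grouped without keeping them in clear."""
    return hmac.new(_RUN_KEY, password.encode("utf-8"), hashlib.sha256).hexdigest()


def audit(devices):
    """Return {device name: [findings]} for each device with at least one finding.
    Each device is a dict with 'name', 'password' and 'remote_auth' (True when
    the device authenticates outside the local area network)."""
    owners = defaultdict(list)
    for dev in devices:
        owners[fingerprint(dev["password"])].append(dev["name"])

    report = {}
    for dev in devices:
        pw, findings = dev["password"], []
        if pw.lower() in WEAK_PASSWORDS:
            findings.append("default-or-guessable")
        if len(pw) < MIN_LENGTH:
            findings.append("too-short")
        shared = sorted(n for n in owners[fingerprint(pw)] if n != dev["name"])
        if shared:
            # LAN-only devices are checked too: the local network is not assumed trusted.
            scope = "remote" if dev["remote_auth"] else "lan-only"
            findings.append(f"reused[{scope}]:" + ",".join(shared))
        if findings:
            report[dev["name"]] = findings
    return report


# Constructed inventory for the example.
INVENTORY = [
    {"name": "camera-1", "password": "admin", "remote_auth": True},
    {"name": "speaker-1", "password": "Blue-Kettle-42-Harbor", "remote_auth": False},
    {"name": "tracker-1", "password": "Blue-Kettle-42-Harbor", "remote_auth": False},
    {"name": "thermostat-1", "password": "q7!Vr2#xLm9$Tz", "remote_auth": True},
]
```

Calling audit(INVENTORY) flags the camera for its default password and the speaker and tracker for sharing one, even though both authenticate only inside the local network.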
DDoS ATTACK
Earlier, we talked about some malware that uses DDoS as part of its infection mechanism.
So how does this attack work?
A DDoS (distributed denial-of-service) attack is an attempt by cybercriminals to disrupt
the routine traffic of a network, service, or server. Such an attack picks a
target and then overwhelms its infrastructure by flooding it with traffic.
To be effective, DDoS attacks exploit more than one system and use them as
sources of attack traffic. These systems can include desktops, laptops, mobiles, and IoT devices.
286 Internet of Things