Three questions network operators should ask about IoT security
By Anasia D’mello
There is no doubt that the COVID-19 pandemic put the reliability and security of communications networks under the spotlight as millions of people turned to working, receiving care, and learning from home, says Steve Buck, SVP product and operations, security business unit at Mobileum. Many have commented that, out of necessity, the digital transformation of many industries has accelerated more in the last few months than it has in the last few years.
Healthcare, for example, saw dramatic increases in telehealth adoption. The rise of the Internet of Things (IoT) has taken the acceleration of digital transformation in health one step further by supporting digital diagnostics. For example, digital thermometers, which can be used to track the spread of the flu in real time, saw a spike in usage as the pandemic spread in the US. In April, Livongo Health, a provider of remote IoT monitoring solutions for chronic diseases, raised its quarterly guidance, following the increase in adoption of its services spurred on by COVID-19.
Time to reassess security
The rise of IoT adoption has always been viewed as an exciting development in communications services. However, as the adoption of applications such as health monitoring increases, now is the time for network providers to critically assess the network security implications of IoT devices. IoT network security is complex. Not only does it involve managing diverse hardware, firmware, operating systems, and communications protocols across 3G, 4G/LTE and 5G networks, but the attack surface of your network is 100 times larger than what it was just a few years ago as millions of IoT devices are flooding the market – many with limited or outdated security firmware. And it is already happening today.
A security vulnerability in the Zigbee low-power IoT protocol that is used by Philips Hue smart lights and many other IoT products, for example, was first identified in 2017. Three years later, this same exploit still works. It begs the question every time you switch off the lights at night: is this the light bulb that may launch a distributed denial of service (DDoS) attack and bring down the network?
Added to this, IoT devices may be autonomous, may roam, and may be applied to network slices, each of which will have its own level of security requirements depending on the industry use case and application. These complexities combined show that old approaches to network security are no longer adequate for IoT.
Three questions to ask yourself
Instead, three critical questions should be asked to determine how secure your network is against IoT vulnerabilities:
- How are your on-net, inbound, and outbound IoT roamers protected from signalling attacks?
- Do you know if the IoT devices are behaving as they should?
- Can you identify if a rogue device is acting in isolation or is part of a wider attack?
Each of these questions points to critical vulnerabilities and clues of nefarious IoT devices. In the case of your subscribers, if someone is driving their autonomous car on your network, you want to ensure that it is not vulnerable to attacks. Similarly, when your devices are roaming on another network, you want to make sure they are protected. This is where multi-protocol signalling firewalls are required to ensure that traffic that traverses your 3G, 4G, and 5G networks has the proper security protections in place and that your roaming devices are steered to preferred partner networks.
Identify a rogue device
By understanding what the device is and the context of its communications, you can understand if a device is changing its behaviour or if the eSIM/SIM card or device has changed. Changes in behaviour, such as sudden spikes in traffic, can indicate that the device has been taken over by a botnet, for example. By detecting the changes in behaviour, you can identify the signature of a rogue device and use this to find more devices with the same fingerprint and potentially block them. In addition, by analysing the data the devices are sending with their mobile connectivity information, you will be able to identify if the rogue device is a lone actor or part of a wider, co-ordinated attack.
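The checks described above, as an added example that is not code from the article or from any vendor product. It assumes hourly usage records keyed by IMSI and an illustrative fingerprint made of the IMEI type allocation code plus the destination; the record layout, thresholds and all identifiers are constructed.

```python
from collections import defaultdict
from statistics import median

def sample(imsi, imei, normal, last, dest, last_dest=None, last_imei=None):
    """Constructed data: six baseline hours followed by the hour under test."""
    rows = [(imsi, imei, hour, normal, dest) for hour in range(6)]
    return rows + [(imsi, last_imei or imei, 6, last, last_dest or dest)]

# (imsi, imei, hour, bytes_sent, destination); every identifier is made up.
RECORDS = (
    sample("001010000000001", "350000010000001", 2000, 2100, "meter.example")
    + sample("001010000000002", "350000020000002", 5000, 900000, "cam.example", "203.0.113.9")
    + sample("001010000000003", "350000020000003", 5200, 850000, "cam.example", "203.0.113.9")
    + sample("001010000000004", "350000030000004", 1000, 400000, "tag.example", "198.51.100.7")
    + sample("001010000000005", "350000040000005", 1500, 1600, "sensor.example",
             last_imei="350000990000005")
)

def detect(records, spike_factor=10):
    """Flag SIMs whose latest hour departs from their own baseline."""
    by_imsi = defaultdict(list)
    for rec in sorted(records, key=lambda r: r[2]):
        by_imsi[rec[0]].append(rec)
    findings = {}
    for imsi, rows in by_imsi.items():
        if len(rows) < 2:
            continue  # no baseline to compare against yet
        *history, latest = rows
        reasons = []
        if latest[3] > spike_factor * median(r[3] for r in history):
            reasons.append("traffic_spike")
        if latest[1] not in {r[1] for r in history}:
            reasons.append("imei_changed")  # SIM now sits in a different device
        if reasons:
            # Assumed fingerprint: IMEI type allocation code (first 8 digits) + destination.
            findings[imsi] = {"reasons": reasons, "fingerprint": (latest[1][:8], latest[4])}
    return findings

def classify(findings):
    """Group flagged SIMs by fingerprint: one member is isolated, several are coordinated."""
    clusters = defaultdict(list)
    for imsi, finding in findings.items():
        clusters[finding["fingerprint"]].append(imsi)
    return {fp: ("coordinated" if len(members) > 1 else "isolated", sorted(members))
            for fp, members in clusters.items()}

if __name__ == "__main__":
    for fingerprint, verdict in classify(detect(RECORDS)).items():
        print(fingerprint, verdict)
```

On the constructed data, the two cameras that share a device type and a destination fall into one coordinated cluster, while the tag with a traffic spike and the sensor whose SIM moved to a different device are each reported as isolated.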
We are just in the infancy of IoT adoption, and managing these risks and vulnerabilities is only going to become more complex and on a far larger scale. According to Cisco, IoT traffic is on track to account for 50% or approximately 14.7 billion of all networked connections by 2023. This makes it more pressing for network operators to put the appropriate network security mechanisms in place to ensure they know what IoT devices are on their network, can understand the context of how they should be behaving, and can quickly determine if it is an isolated device or something more sinister.