As the Internet of Things (IoT) continues to grow and more everyday devices gain the ability to send and receive data, securing those devices (and the networks they’re on) becomes a daunting challenge. Additional connected infrastructure means additional vulnerabilities for cyber criminals to potentially exploit. The physical nature of IoT devices creates another potential vulnerability. Without a robust physical security strategy, hackers could gain access to a network through an IoT device and perhaps the entire system. But let’s drill down and focus on what physical attacks look like and how physical security can protect IoT infrastructure from exploits.
There are two main categories of physical security attacks: non-invasive and invasive. A non-invasive attack can only be carried out when a hacker is within a small physical distance. Once they’re that close they can scan a device’s processor, learn its specs, alter its programming and copy any important information that’s present. An invasive attack is when the processor is physically manipulated in some way and involves the chip being visible and exposed.
There are even more subcategories of attacks within the invasive and non-invasive categories:
- Side channel analysis (non-invasive)
- Tamper attack (invasive)
- Fault injection attack (invasive or non-invasive)
- Power/clock/reset
- Optical, electromagnetic fault injection (invasive or non-invasive)
- Frequency/voltage (invasive)
There’s a hierarchy among the main avenues attackers can pursue, with software being the easiest to exploit, followed by lifecycle and communication vulnerabilities, and finally physical vulnerabilities. Because physical vulnerabilities are the most difficult to exploit, spending money to add additional physical security used to be uncommon. However, in recent years overall security has improved, leading attackers to refocus on exploiting physical vulnerabilities. The recent rise in IoT devices, a proliferation of cyber tools attackers can use and less expensive technology make physical security more important than ever.
Thankfully, physical security isn’t just restricted to a physical solution. There are all sorts of hardware and software solutions designed to neutralize these attacks. The latest security solutions can introduce physical resilience and system safety functionality to an IoT device without sacrificing performance, and yesterday’s catastrophic breaches can be limited in scope now thanks to anti-tampering technology.
Any breach is potentially a costly event. That’s why selecting the right physical security solutions to deploy within an IoT ecosystem is so important.
For questions about physical security and how it can protect your customers’ IoT infrastructure, email the security experts at Ingram Micro.