
At one time, embedded devices, such as access control components communicating with application software, used proprietary protocols like RS485. Use of proprietary protocols kept these devices safe from attack. However, in this article TDSi Technical Director Mike Sussman explains that the growth of the Internet of Things (IoT) involves a move toward IP-based systems and open standards that leaves modern systems, including embedded devices, more likely to be targeted by a wide range of criminals.

Cyber-Attack’s Impact On IoT Devices

So, what exactly are the vulnerabilities and impact of cyber-attacks on IoT devices? Let me give you one example. In a typical access control system, if someone tries to enter an invalid PIN more than four times, then the reader would be locked and an event raised upon which action can be taken. What about invalid passwords when logging in to an embedded system? I bet that the majority of systems will let you keep trying without any preventative shutdown measures in place. With the power of modern computers, it wouldn’t take too much to run a brute force attack to obtain the password and therefore gain access to the device. In fact, at the recent Mobile World Congress, a leading security expert used a brute force attack to gain access to poorly protected CCTV cameras. You might say that this doesn’t impact security; however, if I were to say that one camera was in a primary school and another monitoring retail tills and payment terminals, would this change your mind?
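The lockout the paragraph describes for PIN readers, applied to an embedded device's password login, as an added example (not code from the article or from TDSi). The 30-second base lockout and one-hour cap are assumed values, and `login_guard`, `login_attempt` and `guesses_checked` are hypothetical names.

```c
#include <stdbool.h>
#include <stdint.h>

#define MAX_FAILURES   4     /* article's PIN-reader threshold: lock on "more than four" */
#define BASE_LOCK_SECS 30    /* assumed first lockout length */
#define MAX_LOCK_SECS  3600  /* assumed cap on a single lockout */

typedef enum { LOGIN_OK, LOGIN_BAD_PASSWORD, LOGIN_LOCKED } login_result;

typedef struct {
    uint32_t failures;       /* consecutive bad passwords since last lock or success */
    uint32_t lockouts;       /* lockouts since last success; drives the backoff */
    uint64_t locked_until;   /* monotonic seconds; 0 = never locked */
    uint32_t events_raised;  /* stand-in for the device's event/alarm log */
} login_guard;

/* password_ok is the result of the device's own credential check (hypothetical hook). */
login_result login_attempt(login_guard *g, uint64_t now, bool password_ok)
{
    if (now < g->locked_until)
        return LOGIN_LOCKED;             /* refuse without revealing whether the guess was right */
    if (password_ok) {
        g->failures = 0;
        g->lockouts = 0;
        return LOGIN_OK;
    }
    if (++g->failures > MAX_FAILURES) {  /* fifth consecutive failure */
        uint64_t d = BASE_LOCK_SECS;
        for (uint32_t i = 0; i < g->lockouts && d < MAX_LOCK_SECS; i++)
            d *= 2;                      /* double the lockout each time */
        if (d > MAX_LOCK_SECS)
            d = MAX_LOCK_SECS;
        g->locked_until = now + d;
        g->lockouts++;
        g->failures = 0;
        g->events_raised++;              /* raise an event an operator can act on */
    }
    return LOGIN_BAD_PASSWORD;
}

/* Wrong guesses the device actually checks when a client submits one per second. */
uint32_t guesses_checked(uint64_t seconds)
{
    login_guard g = {0};
    uint32_t checked = 0;
    for (uint64_t t = 0; t < seconds; t++)
        if (login_attempt(&g, t, false) == LOGIN_BAD_PASSWORD)
            checked++;
    return checked;
}
```

With these assumed values, a client submitting one wrong password per second for an hour has only 35 guesses checked, instead of 3,600 on a device with no lockout.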


Is Security Industry Prepared For Breach In Cybersecurity?

Do we, as an industry, address these issues? I’d say that at the moment very few companies are addressing this level of detail (but I bet some will now!). The industry is changing, and there is a lot of focus on identity fraud and preventing physical access to buildings; however, we now need to look at what can happen when people take over the access control system remotely – open doors (or even lock personnel inside). It is fairly easy to utilize “off-the-shelf” embedded processing boards and build an embedded device with no security. Unless you work within the security field you might not even think of these threats and just concentrate on the application.

Ways To Tackle Cyber-Threats

So how do we address this? Companies need to increase the knowledge within their business on the range of cyber-vulnerabilities and keep abreast of what is happening within the threat landscape. Adoption of policies such as Cyber Essentials, a key Government requirement for those supplying them, as well as increased security policies such as ISO27001 and membership of bodies such as the Cyber-security Information Sharing Partnership (CiSP) should be the norm for anyone working within the security field. Unfortunately, this is not the case.

All companies should increase their cyber knowledge and ensure that there is a security specialist within the development teams. Increased testing of embedded devices through the likes of penetration testing also helps to identify vulnerabilities and, once resolved, increases security.

These are interesting times, and even more challenging than in the past because the attack landscape is constantly evolving. As an industry, we need to work together to share knowledge and experience that will keep us one step ahead of the attackers.


Author profile

Mike Sussman Technical Director, TDSi

An innovative Technical Director with a strong grasp of all aspects of a business, Mike Sussman specializes in software development and systems integration to provide interoperable systems that deliver business benefit and efficiency improvements.
