Ambimat GroupAmbimatAmbiSecureeSIM InitiativeEngineering BlogAhmedabad · India · Est. 1981
ASAmbiSecureHardware-rooted security
Contact
HISTORICAL ARCHIVE · Originally published April 20, 2020
Archive

Challenges to IoT Security (Part 1)

First of a two-part look at IoT security — how billions of devices communicate with enterprise systems, where the resulting attack surface sits, and the trust anchors that contain it.

IoT Security

This is an earlier piece from the AmbiSecure engineering archive. Where the field has moved on, the link above points to current coverage of the same topic.

IoT Devices with Outdated Secure Firmware

Security professionals historically focused on protecting mobile devices and computers. Today, over a billion IoT devices communicate with enterprises, creating billions of potential attack vectors. Manufacturers prioritize building new devices over security updates. Devices remain secure at purchase but become vulnerable when hackers discover bugs, especially in open source software. Legacy systems connected to IoT devices also pose risks.

Use of Weak and Default Credentials

IoT companies sell devices with default credentials like "admin" and "password." Hackers use brute-force attacks. The Mirai botnet attack exemplifies this vulnerability.

Lack of Encryption

Encryption prevents hacker access, but devices lack storage and processing capabilities of traditional computers. Unused bandwidth or processing power can be exploited. Hackers manipulate protection algorithms.

Malware and Ransomware

Cybercriminals lock consumers out of their devices. IoT-enabled cameras capturing confidential information can be hacked with malware, then encrypted through ransomware. City-wide infrastructure devices infected with malware can launch DDoS or man-in-the-middle attacks, compromising entire municipal command and control infrastructure.

Predicting and Preventing Phishing Attacks

Phishing affects all enterprise technologies, and IoT represents a new attack vector. Hackers send signals triggering device complications. Cloud services use threat intelligence, AI-powered monitoring, and analytics tools, though adapting these to IoT is complex due to instant data processing requirements.

Wide Area Networks

WAN are city-wide networks controlling communication between essential services like smart meters and street lights. Malware uploaded to one trusted device compromises entire enterprise security.

Smart Homes Devices

More homes and offices integrate IoT connectivity. Exposed IP addresses reveal residential addresses and contact details, risking consumer safety.

Case Studies Referenced

  • Smart lighting security flaw
  • Cheap IoT gadgets posing risks after disposal

About Ambimat Electronics

Close to 4 decades of design experience.

Related historical reading

Securing your IIoT infrastructure

Why industrial IoT infrastructure remains a high-value target — the markets driving adoption, the trust gaps in legacy OT, and how hardware-rooted device identity tightens them.

Read article →

Challenges to IoT Security (Part 2)

Second of a two-part look at IoT security — practical mitigations: hardware root of trust, signed firmware update, attestation, and device identity carried in a secure element.

Read article →

Browse more historical AmbiSecure writing.

The full archive lists everything we have published, with the modern-equivalent counterpart linked wherever one exists.

Open archive