Authentication 03-28-2025

How Weak WiFi Security Endangers Your IoT Devices

Brian Trzupek

Are escalating attacks on WiFi a threat to Internet of Things (IoT) devices? The short answer is yes.

The long answer is also yes: Wireless networks are under attack—which means every device relying on them is vulnerable too. There are dozens of ways intruders can gain access to wireless networks, exploiting everything from initialization vectors to WPA2, as well as infiltrating access points in what’s been aptly dubbed an “evil twin” or man-in-the-middle attack.

The exploitability of the WPA2 protocol is alarming because it’s still widely used in wireless (WiFi) networks, especially on older routers and out-of-date environments. Its job is to secure the data that travels between wireless networks and devices by providing a unique encryption key for each wireless device. Unfortunately, WPA2 protections can be broken, especially when weak passwords and security practices are at play.

The Wi-Fi Alliance now requires all newly certified WiFi devices to support WPA2’s successor, WPA3. But what does that mean, exactly—and does it solve the security issues posed by WPA2?

Does WPA3 solve the WiFi security problem?

In 2017, a passing between a device and its wireless access point. A year later, that vulnerability was remedied with the introduction of the WPA3 protocol, which opened the door to major security improvements.

WPA3 has been an enormous improvement, and the story might have ended here if not for one large and unfortunate caveat: Older IoT devices don’t support it. As a result, there are millions of networks that can’t use WPA3, putting them—and the devices that connect to them—at risk.

Too many devices, too little control

The problem stems from the rapid adoption of IoT in the modern enterprise. Today’s large companies have thousands to tens of thousands of devices on their networks. It would be daunting to try to identify every device across the enterprise, much less ensure they’re all updated with new firmware. In many cases, hardware limitations mean updating older devices is completely off the table.

One major security implication of older devices is that some of them transmit data over Hypertext Transfer Protocol (HTTP), which is susceptible to sniffing or man-in-the-middle attacks. Other devices may use Hypertext Transfer Protocol Secure (HTTPS) for authentication while using HTTP for subsequent communications.

The use of HTTP has never been safe. But today, it’s downright reckless. If an outside attacker can gain control of a WiFi access point by breaking its encryption, and the IoT device is using HTTP for communications, the attacker will be able to intercept authentication credentials to expand their attack, steal sensitive data, inject malware, and execute other means of destruction.

And it wouldn’t even be that hard.

How to mitigate IoT attacks

There are many ways to address IoT security, like network segmentation, endpoint security, and authentication and access controls. But the three most important measures you should take for your IoT infrastructure include:

  • HTTPS: Encrypt all communications coming from and going to your IoT devices using the secure TLS/SSL (HTTPS) protocols. Make sure you have a properly configured HTTPS stack on your devices so that certificates are properly authenticated.
  • Client certificate authentication: Ensuring that only authorized IoT devices can connect to the network or control systems is critical, and that’s why it’s important to use certificates to verify each device’s identity. It’s easy to include client certificate authentication as you provision devices.
  • Code signing certificates: The code that executes on the device itself should be signed, which protects the code from being tampered with. Code signing certificates enable a device to ensure that it’s only installing and executing code that came from a trusted source (you).
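
The first two measures can be checked in configuration. The sketch below is an added example, not code from this article or from any product it mentions: it uses Python's standard ssl module to build a device-side and a gateway-side TLS context for mutual authentication, next to a misconfigured context, and audits each one. The function names and the certificate file parameters are hypothetical.

```python
import ssl

def device_client_context(ca_file=None, cert_file=None, key_file=None):
    """Device side: authenticate the server and present the device certificate."""
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=ca_file)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    if cert_file:  # per-device certificate installed at provisioning (hypothetical path)
        ctx.load_cert_chain(cert_file, key_file)
    return ctx

def gateway_server_context(ca_file=None, cert_file=None, key_file=None):
    """Gateway side: reject any device that cannot present a certificate from the device CA."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.verify_mode = ssl.CERT_REQUIRED  # this setting is what makes the TLS mutual
    if ca_file:
        ctx.load_verify_locations(cafile=ca_file)
    if cert_file:
        ctx.load_cert_chain(cert_file, key_file)
    return ctx

def weak_client_context():
    """Misconfigured stack: traffic is encrypted but the peer is never authenticated."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False  # has to be cleared before CERT_NONE is accepted
    ctx.verify_mode = ssl.CERT_NONE
    return ctx

def audit(ctx, is_server=False):
    """Return the reasons a context fails to authenticate its peer (empty list = pass)."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("peer certificate not required")
    if not is_server and not ctx.check_hostname:
        findings.append("hostname not checked")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("allows TLS below 1.2")
    return findings

if __name__ == "__main__":
    print("device  :", audit(device_client_context()))
    print("gateway :", audit(gateway_server_context(), is_server=True))
    print("weak    :", audit(weak_client_context()))
```

A gateway context left at its default verify_mode accepts any client, so the audit flags it the same way it flags the weak device context.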

How is making the IoT landscape more secure

Each device in the IoT universe is unique, with differing manufacturing processes, electronics, software, functions, and lifecycles. What’s more, they connect in a variety of ways—over WiFi, Bluetooth, cellular (4G/5G), ethernet, and more.

What's the trick to managing and securing so much complexity? IoT device management, which increases security and digital trust, allowing your organization to track all the digital certificates issued for devices and connected things.

The IoT device management offered by Device Trust Manager helps organizations through each step of the device security lifecycle, from deployment to decommissioning. Using an IoT device’s unique ID, which is bound to a PKI certificate and issued during manufacturing, Device Trust Manager enables you to:

  • Manage device identity
  • Assure that connections are secure
  • Prevent device tampering
  • Update firmware and settings remotely and securely

Device Trust Manager also ensures regulatory compliance while providing excellent reliability and streamlined operations.

Protect the “things” that power your enterprise

The cybersecurity threats being wrought on IoT devices are diverse and constantly evolving. Because many IoT devices are deployed in critical infrastructures with sensitive data or safety implications, the consequences of these threats are often severe, resulting in costly downtime and damaging breaches.

To stay safe, it's imperative that your organization adopt strong security practices like encryption, device authentication, and code signing. When paired with device lifecycle management, these practices will go a long way toward mitigating vulnerabilities and preventing WiFi attacks.
