menu
Join a Panel FOR COMPANIES
  • By Practice
  • Product Innovation
  • Qualitative Research
  • Customer Experience
  • Thought Leadership
  • Strategic Sales
  • By Topic
  • CPG
  • Healthcare
  • Innovation
  • Manufacturing
  • Technology
  • Resources

Latest questions:

Trending questions:

Hot questions:

keyboard_arrow_left BACK TO QUESTIONS

Public security threats and controls with IoT

1
731 views

Recently drones are seen on Aiports and other sensitive areas. Drones are driven by IoT. What do you think about security threats because of IoT ? What should be done to avoid them ?

Cyber-security
IOT
IoT Security
Hitesh Mathpal
63 months ago

3 answers

1

Yes indeed. Most of the drones used do not have a trusted platform module, so it is easy to hack them with a fake firmware, and the communication between the controller and the drone is not encrypted especially in cheaper models.
Shahram Mehraban
63 months ago
Thanks Shahram. What are the controls do you think ? - Hitesh 63 months ago
1

Hi Hitesh, drones are indeed used to support sensitive services such as surveillance, search and rescue operation, or medical delivery. They are considered indeed IoT devices since they are formed by a piece of Hardware and Software and are equipped more often with sensors, GPS, Camera, Audio interface and of course they have a wireless communication to the ground control station or a remote control.

So like any IoT device, security threats could arrive from one of the following 4 domains (1- the IoT device itself (HW & SW) through physical or software attacks, 2- the communication/network (MiTM, sniffing, etc.), 3- the server collecting and analyzing the data (if applicable) and 4- the Application/remote control).

So the security controls or countermeasures must be implemented on all the levels to reduce the risks of a successful attack. As mentionned by Shahram above, a Trusted platform module could help in mitigating some Physical and Software attacks on the Software/Firmware side of the Drone, implementing a secure channel (integrity and confidentiality) could mitigate some attacks on the network, etc.

But as you can see these are still generic controls and you should understand that there is no one-size-fits-all solution which means vulnerabilities could be very specific to the protocols (e.g. MVLink), OS, Software, Crypto Library, etc. used and therefore a dedicated security risk analysis is the first thing to start with.

We, at Red Alert labs generate (to our customers) what we call a "Security Profile" including product type specific security controls adapted to the operational environment - An efficient way to avoid spending effort on a detailed security risk analysis.

I hope this helps !
Roland Atoui
63 months ago
Thanks Ronald for this detail. I agree Trusted Platform is one potential option. However, do you think design guidelines or protocol can help ? - Hitesh 63 months ago
Hi Hitesh, sure. That's what I mean by a Security Profile. It's a set of security requirements that is supported by guidelines on how to implement and evaluate each one of them. - Roland 63 months ago
0

Or some rules on the locations and areas where you can NOT FLY drones.
Also, kids of a certain age should not fly drones etc.
Maya Kharkwal MA, BEd
63 months ago
I think rules are there but yes with kids this is required. - Hitesh 63 months ago
Yes, thanks Hitesh Mathpal - Maya 63 months ago

Have some input?


keyboard_arrow_left BACK TO QUESTIONS
close

Thanks for making your first post!

Want to share it with your network?

close

You have just earned your honorarium by participating on this theme, now react to your peers.

Tip: Earn points and make friends through cross collaboration. When you comment on other panelists' posts you both earn rewards and the insights get much more interesting. It's a win-win-win.

close

Total Points: