Quantumrun

ZITHUNZI CREDIT:

iStock

Zowopsa za Consumer IoT: Pamene kulumikizana kumatanthauza zoopsa zomwe zimagawana

Chifukwa cha kuchuluka kwa zida zanzeru monga zida zamagetsi, zida zolimbitsa thupi, ndi makina amagalimoto, obera ali ndi zolinga zambiri zoti asankhe.

Author:
Dzina la wolemba
Quantumrun Foresight
July 5, 2023

Kuzindikira kwakukulu

Pomwe msika wa intaneti wa Zinthu (IoT) ukupitilizabe kupanga zatsopano, ikulimbana ndi zovuta zodziwika bwino zachitetezo cha pa intaneti chifukwa ogula akunyalanyaza kusintha mapasiwedi azida ndi opanga omwe akuyambitsa zomwe sizinayesedwe. Mavutowa akuchulukirachulukira chifukwa chosowa zowululira za chiopsezo cha anthu komanso makampani opanda ndondomeko yomveka bwino yowathetsera. Ngakhale pali kugwiritsa ntchito mapangano osaulula, ma bug bounty programme, ndi Coordinated Vulnerability Disclosure (CVD) monga njira zowongolera zoopsa, kukhazikitsidwa kwa mfundo zowulula zachiwopsezo kumatsika.

Consumer IoT vulnerabilities context

Ngakhale pali zabwino pazida monga othandizira kunyumba ndi makamera achitetezo anzeru, makampani a IoT akadali ndi njira yayitali yopitira pankhani yachitetezo cha pa intaneti. Ngakhale kupita patsogolo kwa mapangidwe ndi zomangamanga, zidazi zimakhalabe pachiwopsezo cha cyberattack. Vutoli limakulitsidwanso chifukwa ogula ambiri sadziwa njira zabwino zosinthira makina ogwiritsira ntchito zida zawo. Malinga ndi IoT Magazine, 15 peresenti ya eni ake onse a IoT sasintha mapasiwedi osasinthika, kutanthauza kuti obera amatha kupeza 10 peresenti ya zida zonse zokhudzana ndi kuphatikiza zisanu ndi dzina lachinsinsi.

Zovuta zina zachitetezo zimakhazikitsidwa ndi momwe zidazi zimapangidwira kapena kusamaliridwa. Ngati makina kapena mapulogalamu atasiyidwa opanda chitetezo - mwachitsanzo, sangathe kulumikizidwa ndi zosintha zatsopano zachitetezo kapena ogwiritsa ntchito sangathe kusintha mawu achinsinsi - zitha kuwonetsa mosavuta maukonde akunyumba kwa ogula ku cyberattack. Vuto lina ndi pamene wopanga atseka, ndipo palibe amene amatenga mapulogalamu awo kapena nsanja.

Kuwukira kwa intaneti ya Zinthu kumasiyana, kutengera makina kapena zida. Mwachitsanzo, kusokonekera kwa zofewa kapena firmware kumatha kulola ma hackers kudutsa magalimoto amagetsi (EVs)'. Pakadali pano, ena opanga ma IoT nthawi zambiri amawonjezera zatsopano pazida zawo kapena zolumikizira popanda kuziyesa bwino. Mwachitsanzo, china chake chomwe chikuwoneka chophweka, monga chojambulira cha EV, chingathe kuthyoledwa kuti chikhale chocheperapo kapena chochulukira, zomwe zimapangitsa kuwonongeka kwakuthupi.

Zosokoneza

Malinga ndi kafukufuku wa 2020 wopangidwa ndi IoT Security Foundation, amodzi mwa madera omwe opanga IoT sanali kuchita mokwanira anali kupereka zidziwitso zachiwopsezo cha anthu. Njira yofunika kwambiri yopititsira patsogolo chitetezo cha zida zolumikizidwa ndi IoT ndikupangitsa kuti ofufuza azitha kunena zowopsa zomwe amapeza mwachindunji kwa opanga. Panthawi imodzimodziyo, makampani ayenera kuyankhulana momwe angayankhire pamene zovutazi zadziwika komanso nthawi yomwe ingayembekezeredwe pazigamba zamapulogalamu kapena kukonza kwina.

Pofuna kuthana ndi ziwopsezo zachitetezo cha pa intaneti, mabizinesi ena amadalira mapangano osawululira. Ena amakopa ofufuza ndi ma bug bounces (i.e., kulipira zowopsa zomwe zapezeka). Palinso ntchito zapadera zomwe makampani amatha kusunga kuti azitha kuyang'anira zowulutsa ndi mapulogalamu a bug bounty. Njira ina yothanirana ndi zoopsa ndi Coordinated Vulnerability Disclosure (CVD), pomwe wopanga ndi wofufuza amagwirira ntchito limodzi kukonza vuto ndikutulutsa lipoti lokonzekera ndi kusatetezeka nthawi imodzi kuti achepetse kuwonongeka kwa ogwiritsa ntchito.

Tsoka ilo, makampani ena alibe ndondomeko yochitira zinthu zomwe zawululidwa. Ngakhale kuchuluka kwamakampani omwe ali ndi mfundo zowulula zachiwopsezo adakwera kufika pa 13.3 peresenti mu 2019 kuchokera pa 9.7 peresenti mu 2018, kutengera kwamakampani kumakhalabe kotsika (2022). Mwamwayi, pali malamulo owonjezereka omwe amakakamiza ndondomeko zowululira. Mu 2020, boma la US lidapereka lamulo la Internet of Things Cybersecurity Improvement Act, lofuna kuti othandizira a IoT azikhala ndi mfundo zowulula zomwe zili pachiwopsezo asanagulitse ku mabungwe aboma.

Zotsatira zakuwonongeka kwa ogwiritsa ntchito a IoT

Zowonjezereka pakuwonongeka kwa ogwiritsa ntchito a IoT zingaphatikizepo:

Maboma omwe amayang'anira opanga ma IoT kuti azikhala ndi mfundo zowululira ndikuyesa mozama komanso mowonekera.
Makampani aukadaulo ochulukirapo omwe amapanga mayanjano kuti agwirizane ndi miyezo yofanana ndikupanga ma protocol ogwirizana a cybersecurity omwe angapangitse zida kuti zizigwirizana komanso zotetezeka kwambiri.
Mafoni am'manja ndi zida zina zogulira zomwe zimakwaniritsa kutsimikizika kwazinthu zambiri komanso chidziwitso cha biometric kuti zithandizire chitetezo cha pa intaneti.
Kuchulukitsa kwandalama mumagetsi ndi magalimoto odziyimira pawokha cybersecurity kupewa kubedwa kwa digito.
Kuukira kochulukira, komwe zigawenga zimalanda njira zoyankhulirana zosabisika; umbandawu ukhoza kupangitsa kuti ogula ambiri azikonda mapulogalamu otumizirana mameseji (EMA).
Zochitika zambiri zakuukira kwa chikhalidwe cha anthu zomwe zimagwiritsa ntchito chitetezo chofooka cha mawu achinsinsi, makamaka pakati pa ogwiritsa ntchito zida zakale.