
What is IoT Forensics?

  • Published On: October 18, 2022 Updated On: February 16, 2023

What is IoT, and when was it introduced?

  • The term "Internet of Things" was first used in 1999 to promote a technology called Radio Frequency Identification (RFID).
  • IoT didn't become more popular until 2010/2011. By early 2014, it was used by most people.

So what is IoT forensics?

  • IoT forensics is a type of digital forensics that looks into cybercrimes related to IoT. It involves looking into connected devices, sensors, and the data stored on all platforms.

In 2017, there were rumors that people who used Bose headphones were being watched without their permission. A prosecutor filed a complaint against Bose's Bose Connect app, which is said to collect information about the music and audio books that users listen to and send it to a third-party data miner (Segment.io). In the same year, it was said that a company that made smart TVs was spying on more than 11 million of them and sending user data to third parties without their permission.

In particular, the company looked at the pixels on the TV screen and tried to match them to movies that were in a database. This method is called automatic content recognition (ACR). After that, the US Federal Trade Commission fined Vizio a total of $2.2 million and told them not to track their users. The organization was also told to get rid of any information they already had about this incident, such as details about nearby access points, postal codes, and the Internet Protocol (IP) address of the local network. They were also told to make a privacy policy.

As the Internet of Things takes over more and more of our lives, the number and types of ways we can be hurt will only grow. As the Internet of Things (IoT) grows, so will the need for a smart controller. As smart objects learn to talk to each other directly, there is no longer a need for a middle man. This makes it more likely that a hacker could get into multiple devices through a single breach.

Before starting the investigation

  • When a digital forensics investigator looks at an IoT system, the first thing they have to figure out is how to look at evidence from the real world. IT knowledge may not be enough, and knowledge from other fields may be needed.
  • The whole investigation will depend on what kind of smart or connected device is in place. For example, evidence could be gathered from sensors in a home automation system, sensors in a moving car, or wearable devices.

IoT forensics needs a multi-layered approach in which evidence can be gathered from different places. Sources of evidence can be put into three main groups:

  • Smart devices and sensors: Things found at the crime scene (smartwatches, home automation appliances, weather control devices, and more)
  • Hardware and software: The way that smart devices communicate with the outside world (computers, mobile, IPS, and firewalls)
  • External resources: Areas outside of the network (cloud, social networks, ISPs, and mobile network providers)
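To illustrate the multi-layered approach, the following added example (not part of the original article) merges records from the three evidence groups into one UTC timeline and shows which device events are corroborated by another group. The log formats, addresses, account name and the five-second window are constructed assumptions.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample records, one list per evidence group.
DEVICE_LOG = [  # smart lock, local time with UTC offset
    "2023-01-10 21:14:05 +0200 lock state=unlocked method=app",
    "2023-01-10 21:40:12 +0200 lock state=locked method=auto",
]
FIREWALL_LOG = [  # home firewall, epoch seconds
    "1673378043 ALLOW 192.0.2.10 -> 198.51.100.7:443",
]
CLOUD_LOG = [  # vendor cloud export, ISO 8601 in UTC
    {"ts": "2023-01-10T19:14:04Z", "event": "unlock_command", "account": "user-a"},
]

def parse_device(line):
    # The first 25 characters hold the timestamp and its UTC offset.
    ts = datetime.strptime(line[:25], "%Y-%m-%d %H:%M:%S %z")
    return ts.astimezone(timezone.utc), "device", line[26:]

def parse_firewall(line):
    epoch, detail = line.split(" ", 1)
    return datetime.fromtimestamp(int(epoch), tz=timezone.utc), "network", detail

def parse_cloud(rec):
    ts = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return ts, "external", f'{rec["event"]} account={rec["account"]}'

def build_timeline():
    """Normalise every record to UTC and sort across all three groups."""
    events = [parse_device(l) for l in DEVICE_LOG]
    events += [parse_firewall(l) for l in FIREWALL_LOG]
    events += [parse_cloud(r) for r in CLOUD_LOG]
    return sorted(events, key=lambda e: e[0])

def corroborated(timeline, window=timedelta(seconds=5)):
    """For each device event, list the other groups with an event inside the window."""
    result = []
    for ts, group, detail in timeline:
        if group != "device":
            continue
        others = {g for t, g, _ in timeline if g != "device" and abs(t - ts) <= window}
        result.append((detail, sorted(others)))
    return result

if __name__ == "__main__":
    for ts, group, detail in build_timeline():
        print(ts.isoformat(), group.ljust(8), detail)
    print(corroborated(build_timeline()))
```

A device event with no matching network or external record, like the automatic re-lock here, is not necessarily suspicious, but it rests on the device's word alone.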


Challenges in IoT forensics:

1. Incorrect access control:

  • The only people who should be able to use an IoT device's services are the owner and trusted people.
  • IoT devices may trust the local network so much that they don't need to be authenticated or given permission again. The same goes for every other device on the same network.

2. Too much space to attack:

  • When a device connects to the Internet, the more services it offers, the more ways it can be attacked. This exposed area is called the "attack surface."
  • A device could have ports that are open and services running that aren't strictly necessary for it to work. If the service wasn't out in the open, it would be easy to stop an attack from happening.
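One way to check a device for services that aren't strictly necessary, shown as an added example (not from the original article): it parses a constructed listing in the format of `ss -tln` and reports listeners that are reachable from the network but not on the list of required ports. The listing and the required-port set are assumptions.

```python
import ipaddress

# Constructed listing in the format printed by `ss -tln` on a Linux-based device.
SS_OUTPUT = """\
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      128    0.0.0.0:22          0.0.0.0:*
LISTEN 0      5      0.0.0.0:23          0.0.0.0:*
LISTEN 0      128    127.0.0.1:5353      0.0.0.0:*
LISTEN 0      128    [::]:8883           [::]:*
"""

# Assumption: this device only needs its MQTT-over-TLS listener to work.
REQUIRED_PORTS = {8883}

def listeners(text):
    """Yield (host, port) for every listening TCP socket in the listing."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue  # header or malformed line
        host, port = fields[3].rsplit(":", 1)
        host = host.strip("[]").split("%")[0]  # drop IPv6 brackets and scope id
        yield host, int(port)

def unnecessary_exposed(text, required):
    """Listeners reachable from the network whose port is not required."""
    findings = []
    for host, port in listeners(text):
        # "*" means all interfaces; loopback-only sockets are not exposed.
        loopback = host != "*" and ipaddress.ip_address(host).is_loopback
        if port not in required and not loopback:
            findings.append((host, port))
    return sorted(findings, key=lambda f: f[1])

if __name__ == "__main__":
    for host, port in unnecessary_exposed(SS_OUTPUT, REQUIRED_PORTS):
        print(f"not required but exposed: {host}:{port}")
```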

3. Outdated software:

  • As software problems are found and fixed, it is important to spread the updated version to protect against the problem.
  • This means that IoT devices need to come with up-to-date software that doesn't have any known bugs, and they also need to be updatable if bugs are found after the device is in use.

4. Lack of encryption:

  • Even if data is encrypted, it may still have flaws if the encryption is incomplete or set up wrong.
  • Sensitive data stored on a device should also be protected by encryption that does not use weak cryptographic algorithms.

5. Insufficient physical security:

  • If attackers can get their hands on a device, they can open it up and attack the hardware inside. After opening the device, it may be possible to access it, which gives an attacker more options.

6. Customized usage of protocol:

  • A customized protocol may be used for IoT devices. If it is a static and standard protocol, it can be tracked; however, if a dynamic protocol is used, it cannot be tracked.

With this we can safely say that IoT comes with pluses and minuses. This technology is already percolating and will grow further. The more complicated the technology becomes, the more complicated the work of forensics will be. By knowing the basics we can scale the forensics to match these challenges.