ANALYSIS OF SECURITY VULNERABILITIES CAUSED BY HUMAN ERROR IN IOT DEVICES

Yıl 2024, Cilt: 12 Sayı: 2, 403 - 415, 30.06.2024

Mevlüt Sevinç , İsa Avcı

https://doi.org/10.21923/jesd.1231326

Öz

The use of personal computers, which started in the 1970s, is now a use of hundreds of different personal products. Cell phones, smart wristbands and watches, tablets, and even the blackboards used in schools are now connected to the internet and interact with each other. This interaction, now called IoT (Internet of Things), is also attracting the attention of scientists. IoT devices are used not only in daily life but also in many areas such as corporate, industrial, health, agriculture, etc. Especially with the increasing use of smart devices in daily life, a device ecosystem has emerged spontaneously. Information such as heart rhythm measurement, deep sleep sleep times, daily step count, etc. are tracked 24/7 by these devices. This raises many security issues. Possible reasons such as theft, alteration, and sale of personal data to second parties are seen as interesting for hackers. Especially the protection of credit card information and banking information is of great importance. One of the reasons for these security vulnerabilities is the human error that is the primary user of these devices. This study will examine the factors that threaten the security of IoT devices, which have such a place in human life, and what people should do to ensure security measures. In addition, security flaws that create security vulnerabilities in these devices and security errors caused by humans and the solutions that users can take will be analyzed.

Anahtar Kelimeler

IoT Devices, IoT Security, IoT Security Attacks, Human-Caused Faults

IOT CİHAZLARINDA İNSAN HATASINDAN KAYNAKLANAN GÜVENLİK AÇIKLARININ ANALİZİ

Öz

1970’li yıllarda başlayan kişisel bilgisayarların kullanımı günümüzde artık yüzlerde çeşit kişisel ürünün kullanımı olarak devam etmektedir. Cep telefonları, akıllı bileklikler ve saatler, tabletler, hatta okullarda kullanılan tahtalar bile artık internete bağlı ve etkileşim halindedirler. Günümüzde IoT (Internet of Things) olarak adlandırılan bu etkileşim, bilim insanlarının da dikkatini çekmektedir. IoT cihazları sadece günlük yaşamda değil, kurumsal, endüstriyel, sağlık, tarım vb. birçok alanda da kullanılmaktadır. Özellikle akıllı cihazların günlük yaşamda kullanımının artmasıyla beraber bir cihaz ekosistemi de kendiliğinden ortaya çıkmıştır. Kalp ritminin ölçümü, derin uyku uyuma süreleri, günlük adım sayısı gibi bilgiler bu cihazlar sayesinde insanların 7/24 takibini sağlamaktadır. Bu durum da beraberinde birçok güvenlik sorununu açığa çıkarmaktadır. Kişisel verilerin çalınması, değiştirilmesi ve ikinci şahıslara satılması gibi muhtemel sebepler bilgisayar korsanları açısından ilgi çekici olarak görülmektedir. Özellikle kredi kartı bilgileri, bankacılık bilgilerinin korunması büyük önem arz etmektedir. Bahsedilen bu güvenlik açıklarının sebeplerinden birisi bu cihazları birincil olarak kullanan insandan kaynaklı hatalardır. Bu çalışmada; insan hayatında bu derece yer eden IoT cihazlarının güvenliğini tehdit eden unsurlar, güvenlik önlemlerini sağlamak için insanların yapması gerekenler incelenecektir. Ayrıca, bu cihazlarda güvenlik açığı oluşturan ve insanlardan kaynaklı güvenlik hataları ile kullanıcıların alabileceği çözüm önerileri analiz edilecektir.

Anahtar Kelimeler

Iot Cihazları, Iot Güvenlik, Iot Güvenlik Saldırıları, İnsan Kaynaklı Hatalar

Kaynakça

• Ahmed, K., Tahir, M., Habaebi, M., Lau, S., & Ahad, A. (2021). Machine learning for authentication and authorization in iot: taxonomy, challenges and future research direction. Sensors, 21(15), 5122. https://doi.org/10.3390/s21155122
• Atlam, H. F., & Wills, G. (2020). IoT Security, Privacy, Safety and Ethics. In Digital Twin Technologies and Smart Cities (pp. 123-149). Switzerland: Springer. doi:10.1007/978-3-030-18732-3_8
• Aytekin, A., Ayaz, A., Tüminçin, F., & Bektaş, E. (2019). Mobil Cihazları Etkileyen Zararlı Yazılımlar ve Korunma Yöntemleri. SADAB 5th International Social Research and Behavioral Sciences Symposium, (p. 244252). Tiflis, Gürcistan.
• Babar, S., Stango, A., Prasad, N., Sen, J., & Prasad, R. (2011). Proposed embedded security framework for Internet of Things (IoT). 2nd International Conference on Wireless Communication, Vehicular Technology, Information Theory and Aerospace & Electronic Systems Technology (Wireless VITAE) (pp. 1-5). Chennai, Hindistan: IEEE. doi:10.1109/WIRELESSVITAE.2011.5940923
• BTK. (2019, Haziran 12). https://internet.btk.gov.tr/kisisel-veriler-ve-kisisel-bilgi-guvenligi. Retrieved 01 05, 2022, from https://internet.btk.gov.tr/.
• Chong, I., Xiong, A., & Proctor, R. W. (2019). Human Factors in the Privacy and Security of the Internet of Things. Ergonomics in Design, 510. doi:10.1177/1064804617750321
• Columbus, L. (2018, Haziran 6). 10 Charts That Will Challenge Your Perspective Of IoT's Growth. Retrieved from Forbes: https://www.forbes.com/sites/louiscolumbus/2018/06/06/10-charts-that-will-challenge-your-perspective-of-iots-growth/?sh=307fc3943ecc
• Çağıltay, K., Bayzan, Ş., Karakuş, Y. T., Kaşıkçı, D. N., Kurşun, E., & Cankar, İ. (2011). The Use Of Social Networks Among Children in Turkey. EU Kids Online 2 Final Conference. Londra.
• Deogirikar, J., & Vidhate, A. (2017). Security attacks in IoT: A survey. Proceedings of the International Conference on IoT in Social, Mobile, Analytics and Cloud, I-SMAC 2017 (pp. 32-37). Institute of Electrical and Electronics Engineers Inc. doi:10.1109/I-SMAC.2017.8058363
• Guo, C. and Li, D. (2021). Iot security privacy protection mechanism and mechanical structure design simulation optimization. Eurasip Journal on Advances in Signal Processing, 2021(1). https://doi.org/10.1186/s13634-021-00737-3
• Heer, T., Garcia-Morchon, O., Hummen, R., Keoh, S. L., Kumar, S. S., & Wehrle, K. (2021). Security Challenges in the IP-based Internet of Things. Wireless Personal Communications, 527-542. doi:https://doi.org/10.1007/s11277-011-0385-5
• Huszti, A., Kovács, S. & Oláh, N. Scalable, password-based and threshold authentication for smart homes. Int. J. Inf. Secur. 21, 707–723 (2022). https://doi.org/10.1007/s10207-022-00578-7
• IoT Analytics. (2022, Ocak 10). Retrieved from https://iot-analytics.com/: https://iot-analytics.com/wp/wp-content/uploads/2020/11/IoT-connections-total-number-of-device-connections-min.png
• ITU. (2012, 06 15). Overview of the Internet of things. Serıes Y: Global Informatıon Infrastructure, Internet Protocol Aspects And Next-Generatıon Networks. ITU-T.
• J. A. Gómez-Hernández, J. Camacho, J. A. Holgado-Terriza, P. García-Teodoro and G. Maciá-Fernández, "ARANAC: A Bring-Your-Own-Permissions Network Access Control Methodology for Android Devices," in IEEE Access, vol. 9, pp. 101321-101334, 2021, doi: 10.1109/ACCESS.2021.3097152.
• K. Zandberg, K. Schleiser, F. Acosta, H. Tschofenig and E. Baccelli, "Secure Firmware Updates for Constrained IoT Devices Using Open Standards: A Reality Check," in IEEE Access, vol. 7, pp. 71907-71920, 2019, doi: 10.1109/ACCESS.2019.2919760.
• Karam, A. (2022). Investigating the importance of ethics and security on internet of medical things (iomt). International Journal of Computations Information and Manufacturing (Ijcim), 2(2). https://doi.org/10.54489/ijcim.v2i2.114
• Kfouri, G. d. O., Gonçalves, D. R., Dutra, B. V., Alencastro, J. F. d., Filho, F. L. d. C., Martins, L. M. C. e., … & Sousa, R. T. d. (2019). Design of a distributed hids for iot backbone components. Communication Papers of the 2019 Federated Conference on Computer Science and Information Systems. https://doi.org/10.15439/2019f329
• Khoo, B. (2011). RFID as an Enabler of the Internet of Things: Issues of Security and Privacy. 2011 International Conference on Internet of Things and 4th International Conference on Cyber, Physical and Social Computing (pp. 709-712). Dalian, Çin: IEEE. doi:10.1109/iThings/CPSCom.2011.83
• Kim, D., Moon, J., Cho, S., Choi, J., Park, M., & Chung, L. (2014). A birthmark-based method for intellectual software asset management.. https://doi.org/10.1145/2557977.2558062
• Kumar, S., & Deora, S. S. (2021). Security Challenges and Issues in IoT. 6. IEEE International Conference on Signal Processing, Computing and Control (ISPCC 2k21) (pp. 171-175). Solan: IEEE. doi:10.1109/ISPCC53510.2021.9609486
• Li, S., Xu, L., & Zhao, S. (2014). The internet of things: a survey. Information Systems Frontiers, 17(2), 243-259. https://doi.org/10.1007/s10796-014-9492-7
• McDermott, C. D., Majdani, F., & Petrovski, A. V. (2018). Botnet Detection in the Internet of Things using Deep Learning Approaches. 2018 International Joint Conference on Neural Networks (IJCNN) (s. 1-8). Rio de Janeiro: IEEE.
• Mitrokotsa, A., Rieback, M. R., & Tanenbaum, A. S. (2008). Classification of RFID Attacks. 10th International Conference on Enterprise Information Systems (pp. 73-86). Barcelona, İspanya: INSTICC Press.
• Monia, Sharma, N., & Dhir, R. (2021). Fog computing: An overview of IoT applications with security issues and challenges. 9th International Conference on Reliability, Infocom Technologies and Optimization (Trends and Future Directions) (ICRITO) (pp. 1-8). Noida: IEEE. doi:10.1109/ICRITO51393.2021.9596158
• Nam, S., Jeon, S., Kim, H., & Moon, J. (2020). Recurrent gans password cracker for iot password security enhancement. Sensors, 20(11), 3106. https://doi.org/10.3390/s20113106
• NordPass. (2021). Retrieved 12 25, 2021, from https://nordpass.com/: https://nordpass.com/most-common-passwords-list/
• Padhy, R. P., Patra, R. P., & Satapathy, S. (2011). Cloud Computing: Security Issues and Research Challenges. IRACST - International Journal of Computer Science and Information Technology & Security (IJCSITS), 1(2), 136-146.
• Raju, I., & Parwekar, P. (2016). Detection of Sinkhole Attack in Wireless Sensor Network. Proceedings of the Second International Conference on Computer and Communication Technologies (pp. 629-636). Delhi: Springer, New Delhi. doi:https://doi.org/10.1007/978-81-322-2526-3_65
• Said, Z. and Zolkipli, M. (2022). Internet of things (iot): a study of security issues and challenges. International Journal of Recent Contributions From Engineering Science & It (Ijes), 10(02), 16-31. https://doi.org/10.3991/ijes.v10i02.29301
• Sopori, D., Pawar, T., Patil, M., & Ravindran, R. (2017, Mart). Internet of Things: Security Threats. International Journal of Advanced Research in Computer Engineering & Technology (IJARCET), 6(3), 263-267.
• Statista. (2021, Haziran 22). IoT spending by vertical worldwide. Retrieved from Statist: https://www.statista.com/statistics/666864/iot-spending-by-vertical-worldwide/
• Şen, Ş., & Yerlikaya, T. (2013). ISO 27001 Kurumsal Bilgi Güvenliği Standardı. Akademik Bilişim 2013 (pp. 677-681). Antalya: Akdeniz Üniversitesi.
• TDK. (2021, 12 25). Türk Dil Kurumu Sözlükleri. Retrieved from https://sozluk.gov.tr/
• Thegardian. (2010). Retrieved 01 10, 2022, from https://www.theguardian.com/: https://www.theguardian.com/news/datablog/2010/oct/22/burglary-statistics-police-crime-data
• Toutsop, O., Das, S., & Kornegay, K. (2021). Exploring The Security Issues in Home-Based IoT Devices Through Denial of Service Attacks. 2021 IEEE SmartWorld, Ubiquitous Intelligence & Computing, Advanced & Trusted Computing, Scalable Computing & Communications, Internet of People and Smart City Innovation (SmartWorld/SCALCOM/UIC/ATC/IOP/SCI) (pp. 407-415). Atlanta: IEEE. doi:10.1109/SWC50871.2021.00062
• Uludağ, M. H., & Uçar, A. (2018). Nesnelerin İnterneti (IoT) ile Akıllı Sınıf ve Öğrenci Takip Sistemi Tasarımı. DÜMF Mühendislik Dergisi, 591-600. Retrieved from https://dergipark.org.tr/en/download/article-file/532378
• Uttarkar, R., & Kulkarni, R. (2014). Internet of Things: Architecture and Security. International Journal of Computer Application, 3(4), 12-17.
• Uyanık, A. S., Gökdemir, A., Karayiğit, H., & Yücel, R. T. (2020). BİLİŞİM TEKNOLOJİLERİNİN TEMELLERİ 9. Ankara: Milli Eğitim Bakanlığı.
• Xu, H. (2021). Key technologies of Secure Multi-Party Computing for Perceived Data Transmission in Internet of Things. International Journal of Frontiers in Engineering Technology, 3(5).
• Z. -K. Zhang, M. C. Y. Cho, C. -W. Wang, C. -W. Hsu, C. -K. Chen and S. Shieh, "IoT Security: Ongoing Challenges and Research Opportunities," 2014 IEEE 7th International Conference on Service-Oriented Computing and Applications, Matsue, 2014, pp. 230-234, doi: 10.1109/SOCA.2014.58.
• Zanella, A., Bui, N., Castellani, A., Vangelista, L., & Zorzi, M. (2014). Internet of things for smart cities. Ieee Internet of Things Journal, 1(1), 22-32. https://doi.org/10.1109/jiot.2014.2306328