How to Build Secure Internet of Things Devices?
How would it feel if the car you are driving in the middle of a busy road suddenly developed a mind of its own, refusing to obey your commands or even shutting down?
Independent security researchers in a controlled experiment did just that recently, remotely taking control of brakes, steering control, air conditioning, transmission, radio and even the windscreen wipers. This hack, done over the Internet, exploits vulnerabilities in computerized control systems that are built into modern vehicles.
After the hack was publicized the manufacturer had to recall about 1.4 million vehicles.
But it’s not only cars from a particular manufacturer that are at risk.
As the Internet of Things stops being a fad, with Gartner estimating that there will be around 26 billion connected devices by 2020 security worries are increasingly taking center stage.
And while we may not all be driving computer enhanced cars anytime soon we will increasingly start to buy smart televisions, health monitors, smart watches, smart refrigerators, home sensors, activity trackers etc, all of which can collect and exchange data.
For companies, not having an internet enabled product can put them at a competitive disadvantage. However, it’s not only big manufacturers that are building such products- small businesses and startups are also in the game of embedded and connected devices.
Traditional cyber security worked on a moat around the castle principle. Critical data was stored in a centralized location that can be secured against malicious attackers. While it was not foolproof, with enough precautions the job of attackers could be made harder and more painstaking.
With IoT this model has flipped. Data is no longer in once place- instead it’s distributed. Because customers value usability manufacturers might be tempted to cut corners with security measures like encryptions, allowing hackers easy access to sensitive data.
One of the biggest problems with IoT security is that the data that resides on consumer devices is actually critical data. Many devices focus on usability over security, and it makes them vulnerable to malicious attacks. These stats tell a sobering tale:
Whether you are a startup designing a crowd funded wearable device or an auto manufacturer putting computers in cars some basic principles for IoT security never change.
In case of software you could retroactively write security code for a finished product and make it so that functionalities do not break. This is near impossible for physical devices where security has to feature hardware aspects as well.
Besides, as security considerations influence all major design decisions (like the choice of chips) and the features of a product (which third party devices can be accessed) designers and manufacturers need to spend time on security during the specifications stage itself.
For IoT to work connectivity has to be paramount. However as complex systems exchange data through multiple connections there is always the risk of unmonitored backdoors which can let malicious attackers in. Designers need to perform repeated security audits so that they can understand the information pathways thoroughly in order to secure them.
Plaintext is the enemy of security. If your connected device has to be secure, you need to design it such that all sensitive data residing on the device is encrypted. This is called Application Layer Security. But the story does not end here. Designers must also ensure that data transfers from device to device are also secured using Transport Layer Security protocols.
In the near future IoT will be less visible and more personal, with researchers working on prototypes for smart fabrics and drug dispensing implants.
These devices will solve a host of problems but unless they are secured a malicious hack won’t mean that you are locked out of your email or Netflix account. In an IoT world a malicious attack could literally kill you.
Six Ingredients of Data Management Intelligence
Top Strategic Priorities for CIOs in 2021
Positioning Your IT for Success in 2021
Customer Centric Processes: From CRM to Customer Data Platforms
Robotic Process Automation: A Driver for Cost-Efficient Enterprises Processes
Seven Ways COVID19 has Changed the CIO Role
AIOps: Empowering Automated and Intelligent Cloud Operations
Shaping the Future of Enterprise Content Management with Artificial Intelligence
An Introduction to Continuous Integration and Workflows
Cloud Leaks: The basics you need to know
We're here to help!
No obligation quotes in 48 hours. Teams setup within 2 weeks.
If you are a Service Provider looking to register, please fill out this Information Request and someone will get in touch.
Outsource with Confidence to high quality Service Providers.
If you are a Service Provider looking to register, please fill out
this Information Request and someone will get in
Enter your email id and we'll send a link to reset your password to the address
we have for your account.
The IT Exchange service provider network is exclusive and by-invite. There is
no cost to get on-board;
if you are competent in your areas of focus, then you are welcome. As a part of this exclusive