IoT Security: It’s time to talk

By Pål Kastnes April 18, 2018


As the number of connected devices continues to soar, IoT security threats become ever more important. Let’s look at the security fundamentals for IoT.

By 2020, an estimated 20 billion connected devices will be out there. That’s almost three for every living person on the planet. As we continue to connect up more of our lives and business processes to the Cloud, securing that data has never been more important.


The reasons lie at both ends of the security spectrum. Critical infrastructure is now becoming connected in many cases for the first time, while at the consumer end, users who know almost nothing about IT security are now hooking up their personal data and even their homes.

Vulnerabilities a serious business

Last year, some major IoT security issues made headlines around the world. The Mirai botnet attack exploited default and hardcoded passwords to bring down many websites. DNS provider Dyn lost a significant number of clients as a result.

Cameras were also targeted. DDoS attacks were made using more than 500,000 internet-connected cameras, while the Persirai botnet attacked more than 100,000 devices.

BlueBorne was a vulnerability in Bluetooth implementations which could allow a hacker to gain control of devices and either steal information from them or use them for a man-in-the-middle attack. By the time it was disclosed to the public, Windows, Linux, Android and iOS had all made fixes available.


It’s all in the implementation

First things first, Bluetooth is an extremely secure protocol by design. Over the last ten years, Bluetooth vulnerabilities have been of low severity and, crucially, haven’t allowed hackers to execute code remotely.

BlueBorne managed to be such a dangerous threat by exploiting the way that operating systems implement Bluetooth, and this gets to the crux of the problem. The most secure technology still relies on proper implementation to be effective.

How to improve your IoT security

Srini Vemula, global product management leader and security expert at SenecaGlobal, spoke to Network World about how enterprises can boost their IoT security. Among his advice, there are some good reminders for developers of connected products.

Build devices based on security-hardened platforms and adopt standard security controls. Select the most secure platform as your base on which to develop. Any connected product’s architecture should support the ability to patch, quickly and at scale.

Make security an integral and easy-to-understand part of using the product. Many buyers of modern connected devices, whether consumer or B2B, aren’t necessarily thinking about security as their primary concern. By incorporating it into the workflow, you’re helping the end customer help themselves.

Keep informed, and act. By keeping abreast of security news, you’re able to quickly act on any vulnerabilities that may be identified and patch your product before customers even realise there’s an issue.

Striking the right balance

While we are fans of the 'build first, iterate later' approach of lean product development, security must not be compromised. Including appropriate security into products can seem at odds with a rapid development mindset.


The best strategy is to always decide upon the most appropriate security level first, and only design the product’s features afterwards. With a feature-first approach to product development, security has to be retrofitted. While that’s often possible to achieve, it can lead to unexpected vulnerabilities and difficulties.

As connected products become an ever more integrated part of our lives, it’s never been more important to consider security first.

This is even more important when dealing with data-only service providers. Remember that even when the data itself is encrypted, the metadata can still tell a story that is useful to potential troublemakers.

 


 

Topics: security



By: Pål Kastnes

Pål Kastnes joined Nordic in March 2015. He has 18 years of experience from the embedded systems market, working in several areas. This includes IC design, system verification, production testing and device specification on the factory side. He spent 6 years as a key account manager embedded within the sales organization for the Asian market, based out of Tokyo, Japan. In the last years he has been driving training programs globally as well as providing key account support for EMEA. His main focus now is training and user experience, focusing on ease of use of all the elements involved in the design process of connected devices.
