When we first asked consumers whether they knew anything about the security of the connected devices installed in their homes or workplaces, they thought for a minute and replied that they didn't believe anyone would be interested in hacking their refrigerators, cooling systems or common workplace devices. The major challenge for many IoT manufacturers is making people aware that the IoT devices they use are just like their computers or mobile phones: sensitive information about the user can be accessed from them.
Governments around the world are issuing guidelines for IoT device users to tackle the challenge of IoT security and are increasing their consumer awareness campaigns. Some steps taken by manufacturers can help eliminate common issues with the devices: the user should be able to change the device password, or the default password provided by the manufacturer should be strong enough or unique. Remote access should not be available on unsecured platforms, since it can lead to an unidentified person accessing and controlling the device. Rolling out security patches and updates can also be regarded as a way to improve the security of the devices.
IoT smart home devices are the 4th biggest industry segment and are set to reach $62 billion by the end of 2018. However, most of these devices are built on shallow security protocols. Major attacks include the 2016 Mirai botnet attack, which led to a denial of service that left much of the U.S. east coast inaccessible to the Internet. Mirai took advantage of IoT devices with open Telnet ports and then attempted to log in with 61 usernames and passwords that are frequently used as defaults for devices. Using this, it was able to amass an army of compromised closed-circuit TV cameras and routers.
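The login pattern described above (one source cycling through default credentials on Telnet) is easy to spot in a device's or gateway's authentication log. The following is an added example, not code from the original article: the log format, the sample lines and the thresholds are all constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in an assumed log format (not from a real device).
SAMPLE_LOG = """\
2016-10-21T11:10:01 telnetd: FAIL user=root src=203.0.113.7
2016-10-21T11:10:02 telnetd: FAIL user=admin src=203.0.113.7
2016-10-21T11:10:03 telnetd: FAIL user=root src=203.0.113.7
2016-10-21T11:10:04 telnetd: FAIL user=support src=203.0.113.7
2016-10-21T11:10:05 telnetd: OK user=admin src=203.0.113.7
2016-10-21T11:12:00 telnetd: FAIL user=alice src=192.0.2.10
2016-10-21T11:40:00 telnetd: OK user=alice src=192.0.2.10
"""

LINE_RE = re.compile(r"^(\S+) telnetd: (FAIL|OK) user=(\S+) src=(\S+)$")

def detect_login_cycling(log_text, window=timedelta(seconds=60), min_failures=4):
    """Map each suspicious source address to a verdict.

    "cycling"            : min_failures failed logins inside the window
    "compromised:<user>" : a successful login that follows such a burst
    """
    failures = defaultdict(list)  # src -> timestamps of recent failed logins
    verdicts = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that are not in the assumed format
        ts, result, user, src = m.groups()
        ts = datetime.fromisoformat(ts)
        # Drop failures that have aged out of the sliding window.
        failures[src] = [t for t in failures[src] if ts - t <= window]
        if result == "FAIL":
            failures[src].append(ts)
            if len(failures[src]) >= min_failures:
                verdicts.setdefault(src, "cycling")
        elif len(failures[src]) >= min_failures:
            # Success right after a burst of failures: treat the account as taken over.
            verdicts[src] = f"compromised:{user}"
    return verdicts

if __name__ == "__main__":
    print(detect_login_cycling(SAMPLE_LOG))
```

A user who mistypes a password once and logs in later (the `alice` lines) is not flagged, because the failure has left the window by the time the login succeeds.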
Here Are Top Security Concerns And Solutions For IoT Devices:
1. Constraints in devices: IoT devices have limited storage, memory, and processing capability. The devices need to operate on limited power, and most of them run on batteries. A security approach based on encryption is not suitable for these devices, as the constraints on processing power are high. Most IoT devices need real-time data processing, and the encryption-decryption process can slow the device down considerably.
Solution: Many IoT manufacturers employ lightweight encryption algorithms to protect the device from attacks. An IoT system can also make use of multiple layers of defense, i.e. segregating devices into a separate network and using firewalls.
2. Authentication: With so many devices offering different points of data leakage or failure within the IoT system, device authentication and authorization are critical to securing IoT systems. Having device authorization in place can prevent unidentified access to gateways and services. Many IoT devices fail in this category: most devices are left on the default password, which is also the same for all the devices that are manufactured.
Solution: Two-factor authorization can drastically reduce the authentication issues of the device. It can also add authorization to services, helping the user understand which functions can be used by each device.
3. Updates for the Device: Updates can include security patches for the IoT device that improve its software, firmware or gateways, which present a number of challenges for the manufacturer. Applying security patches and updating the device regularly not only helps maintain device health but also protects the device from advanced threats. Most IoT devices don't support updates over the internet or updates without downtime, so the devices need to be accessed physically or temporarily pulled out of production to apply the update. Newer devices are coming with features that let you apply an update without disconnecting the device from its actual function. The user just needs to authorize the update, and the device installs it automatically.
4. Connection: After the devices are secured, it's important that the manufacturer also secures communication across the network. IoT devices are based on communication across networks and cloud services. Many IoT devices don't encrypt the data before sending, and receivers can be manipulated to save the data.
Solution: Use transport encryption by adopting standard TLS. Manufacturers are also using a separate band for the devices to isolate their communication from other devices.
5. Data Integrity: Data integrity must be maintained; after the data has been transmitted across the network, it should be stored and processed securely. To maintain data integrity, all devices should securely maintain or dispose of the data. IoT devices should be able to maintain compliance with all legal and regulatory frameworks.
Solution: IoT devices are planning to maintain digital signatures or checksums to ensure the data is not modified. For information on IoT security, download our whitepaper.
6. Up-time: IoT devices play an important part in users' lives, and most users depend on them for their daily functions. Disruption due to connectivity issues, device failure or denial of service from external attacks can damage the reputation of the manufacturer and lead to revenue loss. As IoT devices become part of daily life, many hospitals, traffic signals and air traffic systems are managed by IoT devices, and any downtime may lead to serious consequences.
Solution: Test IoT devices under real-life conditions, such as threats or connectivity issues, which can prevent loss of data.
7. Detecting Liabilities and Security Lapses: Security breaches and lapses are an inevitable part of technology. Because a large number of devices are interconnected and a variety of communication protocols are in use, it is also difficult to detect when a security lapse takes place on the device or network. A strategy should be devised for detecting the vulnerabilities of the devices and a breach if it takes place.
Solution: In smart homes, all devices are registered in device managers, and by detecting the affected device you can isolate it until it's patched. It's important that gateway devices are well protected to keep the other devices from being affected. IoT device manufacturers need to keep updating their software to prevent security lapses, and testing the devices against different threats can save the device.
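Item 5 above names checksums and digital signatures as integrity controls; they do not give the same protection. The following added example (not code from the original article) compares a plain CRC32 checksum with a keyed tag. HMAC-SHA256 stands in here for a digital signature, and the device name, key and reading are constructed.

```python
import hashlib
import hmac
import json
import zlib

# Constructed key for illustration; a real per-device key comes from secure provisioning.
DEVICE_KEY = b"constructed-per-device-key-0001"

def encode(reading):
    """Canonical byte encoding so sender and receiver hash identical bytes."""
    return json.dumps(reading, sort_keys=True, separators=(",", ":")).encode()

def seal_crc(reading):
    body = encode(reading)
    return body, zlib.crc32(body)

def verify_crc(body, crc):
    return zlib.crc32(body) == crc

def seal_hmac(reading, key=DEVICE_KEY):
    body = encode(reading)
    return body, hmac.new(key, body, hashlib.sha256).digest()

def verify_hmac(body, tag, key=DEVICE_KEY):
    expected = hmac.new(key, body, hashlib.sha256).digest()
    return hmac.compare_digest(expected, tag)  # constant-time comparison

def demo():
    reading = {"device": "thermostat-01", "seq": 42, "temp_c": 21.5}
    forged = encode({**reading, "temp_c": 35.0})  # modified in transit

    # CRC32 has no secret: whoever alters the body can recompute a matching value.
    crc_body, crc = seal_crc(reading)
    # HMAC needs the device key, so the best a modifier can do is reuse the old tag.
    mac_body, tag = seal_hmac(reading)
    return {
        "crc_accepts_original": verify_crc(crc_body, crc),
        "crc_accepts_forgery": verify_crc(forged, zlib.crc32(forged)),
        "hmac_accepts_original": verify_hmac(mac_body, tag),
        "hmac_accepts_forgery": verify_hmac(forged, tag),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The checksum catches accidental corruption only; detecting deliberate modification needs a key the modifier does not hold.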
Adopting a multi-layer, security-by-design approach for IoT devices is important, as the devices have become a gateway to other layers of connection such as mobile and cloud-based IoT apps. Incorporating security as a default criterion during and after development makes it possible to maintain security and data privacy. For more information about IoT security, you can download our white paper on IoT Security.