Tips for gadget makers to secure the Internet of Things
The problem with constant Internet connectivity is that it makes us vulnerable to hacks. Recent examples include hackers stealing sensitive information from Ashley Madison customers, hackers remotely killing a Jeep while it was cruising down the highway, and hackers tapping into the feeds of smart home security cameras, baby monitors and CCTVs, which were then broadcast over the Internet.
These vulnerabilities are terrifying and could result in broken marriages, lives lost, children exploited and sensitive information sold. For those using connected home appliances, there is the danger that hackers could remotely turn their lights off, disarm their security system or unlock doors, raising a bevy of privacy concerns.
As much as we would like to keep our lives safe, some things are out of consumers’ hands and it’s the manufacturers that need to take the first step in keeping people secure.
How manufacturers can secure the IoT
In a statement sent to SiliconANGLE, INSIDE Secure experts shared some security practices that are applicable not only to connected cars, but to connected devices in general.
- INSIDE Secure suggests that device manufacturers add cryptography to ensure that communications between software inside a device, and between devices, are authenticated, and to ensure that software is only allowed to run in the manner designed by the coder.
- Add in remote security monitoring to alert [developers] if there is a software or network breach. It is believed that hackers are always a step or two ahead of developers, which makes creating a white or black list for known attacks useless. By adding security monitoring, developers can keep an eye on the software and act fast if a breach is detected.
Reducing IoT vulnerabilities
Hewlett-Packard Co. has also released a study on the vulnerability of smartwatches as a result of insufficient authentication, lack of encryption and privacy concerns. The study revealed that data collected initially on the watch and transmitted to a mobile app is often sent to multiple back-end destinations, and that in 90 percent of the smartwatches tested, communications are trivially intercepted. It was also noted that smartwatches that connect to the cloud often used weak password schemes, making them more vulnerable to attacks.
To properly address these vulnerabilities, HP included recommendations in its report that can also be applied to Internet of Things (IoT) devices in general.
- For consumers, HP recommends they not enable sensitive access to control functions, such as car or home access, unless strong authentication, such as two-factor authentication, is available. Users are also advised to enable security functionality to prevent unauthorized access to data, as well as to avoid approving unknown pairing requests.
- Device manufacturers are advised to ensure TLS implementations are configured and implemented properly, protect user accounts and sensitive data by requiring strong passwords, implement controls to prevent man-in-the-middle attacks, and build mobile applications into the device — in addition to any vendor-provided or recommended apps.
Hugo Fiennes, CEO and cofounder of Electric Imp, Inc., also recently offered up specific IoT security tips for device manufacturers and consumers. In his list of tips, Fiennes warns that there is no absolute security in today’s world. He goes on to point out that since security features can change the functionality and usability of an app or product, security capabilities should be implemented as early as possible to avoid problems in the late stages of development.
Tools for protecting IoT
Icon Laboratories, Inc. announced the release of Floodgate Security Manager, a security management software suite specifically designed to protect IoT gadgets and embedded devices against cyber-attack. The suite can be operated as either an on-premises or a cloud-based security manager.
Floodgate Security Manager provides device status monitoring, security policy management, command audit logging, and security event logging and reporting for devices running Icon Labs’ Floodgate Agent or other lightweight IoT management protocols such as CoAP and MQTT. It provides comprehensive reporting and auditing capabilities to help achieve EDSA Certification, ISA/IEC 62443 compliance, and/or compliance with the NIST Cybersecurity Framework.
Photo by elhombredenegro