UPDATED 10:08 EDT / AUGUST 05 2015

Tips for gadget makers to secure the Internet of Things

The problem with constant Internet connectivity is that it makes us vulnerable to hacks: hackers stole sensitive information from Ashley Madison customers, remotely killed a Jeep while it was cruising down the highway, and tapped into the feeds of smart home security cameras, baby monitors and CCTVs, which were then broadcast over the Internet.

These vulnerabilities are terrifying and could result in broken marriages, lives lost, children exploited and sensitive information sold. For those using connected home appliances, the danger lurks that hackers could remotely turn their lights off, disarm their security system or unlock doors, raising a bevy of privacy concerns.

As much as we would like to keep our lives safe, some things are out of consumers’ hands and it’s the manufacturers that need to take the first step in keeping people secure.

How manufacturers can secure the IoT

In a statement sent to SiliconANGLE, INSIDE Secure experts shared some security practices that are applicable not only to connected cars, but to connected devices in general.

  1. INSIDE Secure suggests that device manufacturers add cryptography to ensure that communications between software inside a device, and between devices, are authenticated, and to ensure that software is only allowed to run in the manner designed by the coder.
  2. Add in remote security monitoring to alert [developers] if there is a software or network breach. It is believed that hackers are always a step or two ahead of developers, which makes creating a white or black list for known attacks useless. By adding security monitoring, developers can keep an eye on the software and act fast if a breach is detected.

Reducing IoT vulnerabilities

Hewlett-Packard Co. has also released a study regarding the vulnerability of smartwatches as a result of insufficient authentication, lack of encryption and privacy concerns. The study revealed that data collected initially on the watch and transmitted to a mobile app are often sent to multiple back-end destinations, and in 90 percent of the smartwatches tested, communications are trivially intercepted. It was also noted that smartwatches that connect to the Cloud often used weak password schemes, making them more vulnerable to attacks.

To properly address these vulnerabilities, HP included recommendations in its report that can also be applied to Internet of Things (IoT) devices in general.

  1. For consumers, HP recommends they not enable sensitive access to control functions, such as car or home access, unless strong authentication, such as two-factor authentication, is available. Users are also advised to enable security functionality to prevent unauthorized access to data, as well as to avoid approving unknown pairing requests.
  2. Device manufacturers are advised to ensure TLS implementations are configured and implemented properly, protect user accounts and sensitive data by requiring strong passwords, implement controls to prevent man-in-the-middle attacks, and build mobile applications into the device — in addition to any vendor-provided or recommended apps.

Hugo Fiennes, CEO and cofounder of Electric Imp, Inc., also recently offered up specific IoT security tips for device manufacturers and consumers. In his list of tips, Fiennes warns that there is no absolute security in today’s world. He goes on to point out that since security features can change the functionality and usability of an app or product, security capabilities should be implemented as early as possible to avoid problems in the late stages of development.

Tools for protecting IoT

Icon Laboratories, Inc. announced the release of Floodgate Security Manager, a security management software suite specifically designed to protect IoT gadgets and embedded devices against cyber-attack. The suite can be operated as either an on-premise or a cloud-based security manager.

Floodgate Security Manager provides device status monitoring, security policy management, command audit logging, and security event logging and reporting for devices running Icon Labs’ Floodgate Agent or other lightweight IoT management protocols such as CoAP and MQTT. It provides comprehensive reporting and auditing capabilities to help achieve EDSA Certification, ISA/IEC 62443 Compliance, and/or compliance with the NIST Cybersecurity Framework.

Trustwave Holdings, Inc. and Attify, Inc. also offer their own security tools that will keep the connected world safe.

The Trustwave Managed IoT Security service promises to keep the connection between the connected device and the cloud secured; find weaknesses in connected products and services; and monitor and secure the infrastructure and services that empower delivery of IoT services, to reduce compromise risk and protect customer data and privacy. The Trustwave Managed IoT Security platform was developed in collaboration with Trustwave SpiderLabs, a group of ethical hackers that performs penetration tests on apps and devices.

As for Attify, the company offers pentesting and app auditing services for enterprise apps and IoT. It also offers AppWatch, the company’s mobile app security platform, which features mobile security risk assessment and mobile security analytics.

Photo by elhombredenegro 
