The Internet of Things (IoT) consists of everyday devices that connect to each other via the internet or other wireless networks. IoT devices are used in industrial applications and manufacturing, as well as in all types of vehicles and in the home. Despite the widespread deployment of IoT devices, however, little attention has been paid so far to the need to secure these devices from unwanted access or manipulation. As a result, there may already be billions of deployed IoT devices with inadequate security measures.
To help you protect your IoT devices from hackers, we're offering a selection of tips and advice on IoT security in this week's blog post. We'll elaborate on the importance of IoT security, then offer some basic and actionable advice that can help you secure your device against unwanted physical or cyber attacks.
While global quantities of IoT devices can now be counted in the tens of billions, security remains one of the most important concerns that will impact market success for product developers. As IoT devices see increased adoption in industrial, commercial and residential applications, issues with IoT security can lead to all sorts of negative consequences.
An example that's garnered much attention recently is CAN bus hacking in vehicles. Modern vehicles are heavily computerized, with each vehicle containing several different embedded systems across multiple networks. There is typically one network for engine and powertrain messages and a separate network for other types of data transmissions like radio and door locks. Each device on the vehicle network represents a potential attack vector for malicious actors.
A hacker who gains access to the vehicle can connect a laptop to the vehicle's CAN bus controller to gain control of its computer systems. There have also been reports of hackers intercepting radio signals from keyless entry systems and cloning the signals to gain remote access to the CAN bus. Without adequate security protocols in place, a hacker could remotely control a vehicle and steal it, joyride it, or use it in a crime.
Other types of IoT devices may be vulnerable to security threats as well. A home security system connected to the IoT could be penetrated by hackers and used to spy on homeowners or deliver false alarms. Some companies are using IoT devices to manage warehouse operations - here, a hack that causes unexpected system downtime could cost a company millions of dollars. The bottom line is that with billions of devices now connected to the IoT, there is a massive need to develop technology and common standards to ensure that these devices are not vulnerable to security breaches or tampering.
Physical security, which can also be thought of as hardware security, consists of securing the physical IoT devices from interference by a malicious actor. While hackers may still be able to attack IoT devices through software or communication networks, adequate physical security will prevent hackers from directly tampering with devices. Here are a few steps you should take to start protecting your IoT devices against physical attacks.
When it comes to physical attacks against connected devices, it can be useful to distinguish between invasive and non-invasive attacks. An invasive attack requires the attacker to gain access to the chip surface - they will need to completely open the device. A non-invasive attack simply requires that the attacker is close enough to the device to sense and manipulate its electrical characteristics. Both types of attacks should be accounted for in your physical security plan.
Unlike network or software attacks, physical attacks typically only take place when the attacker can gain reasonably proximal access to the target device. Organizations with facilities that depend on IoT devices must take every precaution to secure the facility against all unwanted visitors and uninvited guests. Preventing unauthorized access to IoT devices is an excellent step towards mitigating the risk of a tampering attack.
Take a few moments to recognize seven different types of physical attacks against IoT device security. Which ones might apply to your devices? How would you prevent that?
Cyber attacks against IoT devices are becoming increasingly common. With so many new products coming out, consumers are excited to benefit from the latest conveniences that the IoT can offer. At the same time, consumers should be waking up to the very real security risks that can come with IoT devices and the need to secure those devices against possible cyber threats. We offer three tips to begin securing any IoT devices you currently own.
Home or business routers are a frequent target of IoT device hacking because many people neglect to change the default password. On any laptop, you can establish a connection with any network within range and access the router interface by typing its IP address into the address bar of any browser. For most routers, the default IP address is 192.168.2.1 and the default password is something like "admin". Leaving passwords on the default setting makes it painfully easy for hackers to gain access to your browsing history, online banking, etc. Always change default passwords!
A virtual private network is a great way to protect in-home IoT devices against cyber attacks. When you connect to the internet from a home network, you broadcast your IP address across the internet for all to see. A malicious actor that finds your IP address may be able to use it to identify unsecured IoT devices that share the same address and try to attack or control them.
A VPN acts as a remote server that hides your IP address from the world when you browse the internet, shielding your IP address, location and identity from anyone who might be watching.
A third step you can take to prevent cyber attacks is to perform frequent software updates for your IoT-connected devices. The companies that produce these devices release security patches that guard against known security issues. By updating on a regular basis, you'll gain access to the latest protections against the best known threats that the product manufacturer has identified. While this won't protect you against zero-day attacks, you should be less vulnerable to well-known attacks that may have affected others with the same device.
The IoT marketplace is growing rapidly, but the development of IoT security is lagging behind and there's still plenty of work to be done for engineers who wish to secure their devices in the future. In addition to adequate protection from physical and cyber attacks, IoT devices should be thoroughly assessed to determine whether there are any security vulnerabilities in the code.
At Total Phase, we create powerful diagnostic tools that help embedded systems engineers test and debug their products more efficiently and bring products to market faster and with lower costs. Want to see how we can help you deliver a more secure IoT product?