Internet Of Things: Some Security Recommendations For Use

Internet of Things (IoT) and Smart Home have arrived in the general public since Amazon Alexa at the latest. Many of them have more than just a smart home device. At least one million devices are expected. No wonder, smart home devices help us save energy (smart lamps /sockets /thermostats), secure our home (intelligent door locks and alarm systems, IP cameras), and improve our quality of life in general.

Assistance systems can not only call up information by voice command. No, smart home devices can also be controlled with it. Technologies such as IFTTT (If this then that) enable devices to take action when a previously defined event occurs on another device such as the Smart Lock is unlocked and after 6 p.m., then turn on the light in the corridor. In short: the Internet of Things and Smart Home can be efficient and offer many functions.

However, this variety of functions can also be misused. Successful attacks can be expensive for the victims (the thermostat is turned on remotely by an attacker while the residents are on vacation), they can be dangerous (smart sauna heater overheats), they can be uncomfortable (the owner is informed by his IP Camera spied) or all together: a door locked with a smart lock is opened to break in without leaving any traces. The burglar can steal a lot (expensive), come across private information (unpleasant), and attack witnesses (dangerous).

So safety should be a top priority. The reality is known to be different, as functions and features sell better than security. Especially when technologies are relatively new, attempts are made to bring a product onto the market as quickly as possible. As a result, IT security measures are not yet adequately implemented when the product is released.

However, the level of security has increased compared to previous years – albeit not always sufficient. This is partly because standards such as ZigBee, Apple Homekit, or Google Nest have become established, and a trend towards relocation to the cloud can be recognized. The latter has a positive effect on secure implementation but harms privacy. The increased computing capacity of the processors that support (stronger) encryption can be seen as positive.

Want More Information About Our Services? Talk to Our Consultants!

However, not all devices are secure by a long way. The user can often deactivate the insecure functions of the devices (access to the Internet, etc.). Still, since it is no longer only technically experienced users who procure Internet of Things devices, this is insufficient. A device must be inherently safe and remain secure.

Automatic and secure firmware updates
Randomly generated passwords instead of standard passwords
Secure standard settings
Use of encryption
Data economy (data protection)
Use proven algorithms

Internet of Things: Automatic and secure firmware updates

Mirai has been attacking hundreds of thousands of Internet of Things devices such as IP cameras and adding these devices to existing botnets. The exploited security gaps are known and could be closed, but for many of these devices, no firmware update is planned, which is why Mirai should still exist in the next few years.

IoT devices should therefore implement the option of a firmware update. If the devices have access to the Internet, they should be updated automatically by default. But in addition to automatic updates, it is also essential that these are of integrity and imported correctly. If an attacker can manipulate the firmware before installation, the firmware update creates a new attack vector.

There are several approaches for fast and secure firmware updates of Internet of Things devices:

Schnorr updates
PC-based
Physical unclonable function (PUFs)
Blockchain
Schneider-IoT update mechanism
Mongoose OS

Each of these approaches has advantages and disadvantages. Therefore, as a developer, it is advisable to compare these approaches to find the right solution for your application environment.

Want More Information About Our Services? Talk to Our Consultants!

Internet of things: Randomly generated passwords instead of standard passwords

Many Internet of Things devices has standard logins such as admin: admin or root. If these devices can be reached from the Internet and the user does not change the password, the attacker has an easy time. Devices with common passwords are quickly known on the Internet and are easy for everyone.

To find using search engines such as Shodan. Permanently encoded service passwords are also not advisable, as these can be found by reverse engineering and then placed on the Internet. It would be better to proceed as it has been customary for routers for years. A randomly generated password that is attached to the device on a sticker, for example. If the user forgets his password, he can restore the original state by resetting the device.

Safe Default Settings

Devices should be shipped with settings that are too secure rather than too open. A thermostat or an IP camera does not have to be accessible from the Internet by default. If this is still desired, the user should activate this manually (opt-in instead of opt-out).

Use Of Encryption

Communication to devices and IoT servers should be encrypted. This is especially true when the devices communicate by radio outside their encrypted WLAN. An attacker can easily intercept, read or even change data packets. A secure algorithm should be used that also recognizes modifications to the packages.

Data Economy

Products should only send and save the most necessary data. On the one hand, this saves resources – but above all, it limits the information that an attacker can learn about the victim. If a lot of personal data is sent and saved, end-to-end encryption should be considered.

Use Proven Algorithms

When it comes to IT security, older, proven technologies are often better than in-house developments. This is because older standards have already been tested by many people and found to be safe. Of course, this does not mean that these are also error-free (see Meltdown / Specter). An in-house development, on the other hand, can contain many errors.

Want More Information About Our Services? Talk to Our Consultants!

Conclusion

Implementing these points does not guarantee that the product is safe. However, it reduces the attack surface enormously. If the product is even more secure, a secure development process and product testing are recommended. For example, the soft check Security Testing Process.

It contains six methods for identifying security gaps: Security Requirements Analysis, Threat Modeling, Conformance Testing, Static Source Code Analysis, Penetration Testing, and Dynamic Analysis: Fuzzing. Each of these methods identifies different classes of vulnerabilities. These methods have already been used to identify security gaps in intelligent meter gateways.

Some Tips On Choosing a 3D Video Rendering firm

A Complete Guide For Buying A Cryptocurrency

5 Big Problems With The Internet Of Things Facing In 2022

ERP Software Can Benefit Manufacturing Business

The Best Framework For Web Development?

How to Use a Free Article Directory for Internet Marketing

Bull and Bear Traders On The Forex Market

How Can a Learning Management System (LMS) Benefit Your Company?

The Faster Development of Cryptocurrency

What A Web Designer Understands About Web Development

Custom Software Development: Which Industries Does it Benefit?

7 Things To Be Careful Before Making Cryptocurrency Investments

11 Amazing Web Development Techniques

Why Should You Care About A Crypto Wallet For Self-Growth?

Topmost 20 Mistakes of 2D Drawing That Every Engineer Must Avoid

What Makes React Native a Great Mobile App Development Framework?

Methods To Start Expert Share Trading

Social Media Is An Imp Player In B2B Research

How Social Media Can Improve Your Website SEO

7 Factors Why Company Needs an ERP System

Software Developers Fear That Artificial Intelligence Will Soon Replace Them

The Potential of ERP Software to Improve Construction Projects

Businesses Worldwide Benefit from Social Media

Top Trending CMS For Website Development

Value Quotient and Custom Software Development Company