It may seem paranoid to fret about criminals hacking your refrigerator or reprogramming your coffee machine, but as more devices join the Internet of Things (IoT), those concerns are becoming common. IoT security is becoming a bit concern, especially in personal devices like mobile phones and health trackers. Thankfully manufacturers (including us) have devised hardware-based encryption and security that can make the IoT much more secure.
New Vulnerabilities
Every new Internet-connected device gives hackers new opportunities. A recent report by security experts Symantec found that nearly every wearable health tracker on the market was vulnerable to attack using off-the-shelf radio receivers and some basic know-how. The report, titled “How Safe is the Quantified Self,” found that users’ information could easily be compromised by third parties. The report also found that health information (pulse rate, etc.) could be intercepted and recorded. Similar vulnerabilities have been found in IoT baby monitors, cameras, and more.
Even more alarmingly, white-glove hackers recently reported being able to cut power to a car via its Internet connection. Hackers Charlie Miller and Chris Valasek were able to commandeer an on-the-road vehicle remotely using a laptop—controlling the HVAC, radio, before ultimately turning off the ignition.
IoT security expert Dave Palmer, director of technology for Darktrace, recently told TechRepublic: “Modern businesses are digital hives of connected objects that all too often lack adequate security, providing attractive gateways for cyber attackers. That could be anything from a printer or a thermostat connected to the corporate network, through to a connected coffee machine … these devices are part of the modern tech scene today, but they are relatively unprotected and vulnerable to new threats, such as ransomware.”
So what can be done about it?
IoT Defense
Thankfully, stunts like Miller and Valasek’s brought much-needed attention to IoT security. Just weeks afer their car hack, the manufacturer issued a recall to patch the vulnerability. Other manufacturers have taken note, too. Software giant Microsoft has promised to add more layers of encryption to its OS and security firm Gemalto has taken the lead in securing payment processing.
And some IoT software is going open source, making it easier for manufacturers and software companies to update and secure firmware to protect against hacks. For example, software company Pwnie recently made their Bluetooth and Android security software open source for manufacturers and developers. Director of R&D at Pwnie Rick Farina recently told ZDNet: “Pwnie Express’ roots are in the open-source community. Developing and releasing open-source tools reinforces our commitment to give back to the security community and make it easier for security teams to address the growing device/threat landscape. These tools will help security professionals with Bluetooth visibility, which is key to effective device/threat detection in our increasingly connected and IoT world.”
Hardware and Software Encryption
Hardware has a big role to play in IoT security. On-board encryption and microcontrollers can be used to create hard or impossible-to-hack security schemes. Our own STSAFE-A100 is a secure turnkey solution that provides strong authentication services and can be used with microcontrollers. It features an embedded operating system and is certified to Common Criteria EAL5+, banking-level security standards.
The STSAFE-A100 makes sure only authorized IoT devices can access online services and only authorized accessories or consumables are recognized and accepted by an application.
Using combinations of hardware and software, manufacturers can build stronger security schemes into IoT devices and help create standards to keep the IoT safe.
