Over 15 million users of T-Mobile were shocked and threatened in 2015, due to a data breach at the world’s biggest consumer credit monitoring firm Experian. This is not the only instance of data breach, but there were plenty of them observed from 2016 to 2019 such as Verizon, Ofcom, Cox Communications, Bell Canada, and Mobile TeleSystems Russia. Such incidents come to us as a reminder that although technologies such as IoT are helping connect people and things in a variety of ways, security is still a major concern for the telecom industry.
IoT Security Challenges
With the heavy influx of smart devices hitting the market each day, security woes are increasing exponentially. For many IoT start-ups, security is often considered as the last thing, in a haste to get products into the market Let’s look at some of the most prominent IoT security challenges:
- Embedded devices today are hubs of very important and confidential data. A cyber-attack on any device could have catastrophic consequences.
- As embedded devices are generally mass-produced, there are millions of identical devices. Even if one of the devices is hacked, it can be a major security threat for all the devices that are connected to a single service provider.
- Many embedded companies assume that circuits are not targets for hackers and hence do not implement security features on the circuit.
- Most silicon chips that are manufactured only run the software that was installed during development. To enable a software update, the capability needs to be designed into the device early in the design.
- The life cycle for embedded devices typically spans across one or two decades. Developing a device today that shall meet the ever-evolving security requirements for the next two decades is an enormous challenge.
- Embedded devices frequently use some special system procedures that are not identified and protected by enterprise security tools.
As more and more IoT devices hit the market, security attacks are bound to continue. So how to reduce security attacks? Although securing IoT is not a one-man’s job, rather it is a collaborative effort that requires equal contribution from device manufacturers and service providers.
Let’s look at some of the most important security features that embedded companies need to consider while designing an IoT device:
- Secure Boot: Embed a unique code with every device, and ensure the code is authenticated and that the firmware has not been altered or tampered with.
- Encryption: Ensure data storage and communication is encrypted with the latest encryption techniques such as AES256.
- Secure Communication: Any communication to and from the device should be secured using encryptions such as SSH and SSL.
- Code Updates: Use secure code update mechanism that ensure code on the device can be updated for security patches and bug fixes.
- Embedded Firewalls: Provide a critical layer of protection by embedding firewalls and limit communication to only known and trusted hosts.
- Intrusion Detection: Ensure the device can detect and report invalid or suspicious login attempts
Internet Service Providers
Internet Service Providers can majorly contribute to IoT security:
- By blocking or filtering malicious traffic driven by malware, ISPs can protect devices and critical user information from being leaked or misused.
- ISPs can also notify consumers when a device on their network is sending or receiving malicious traffic. Consumers could then take action to find and secure the compromised IoT device.
- In a worst-case scenario, where malware cannot be identified and blocked, ISPs can quarantine the affected device by cutting it off from the network.
Today’s IoT devices are the hubs of critical data exchange. Including security in these devices is a critical design task, but a crucial one. By considering security features early in the design process, device manufacturers can ensure the device is protected from advanced cyber-threats of today and tomorrow by implementing protocols such as NB-IoT or LTE-M based on their bandwidth, power and connectivity requirements.
Contact us to know more about developing secure devices.