IoT software security is the thing

Guillaume Rager, CAST Software

This year ‘car hacking’ stories went mainstream. The most frightening was the Jeep Cherokee exploit which made consumers and businesses worry about the safety of our future ‘connected world’.

Analysts at IDC predict spending on Internet of Things (IoT), will exceed US$7.3 trillion by 2017. However, without proper software assurance as instituted from the onset, this won’t be a growth trend, it will be a disaster, says Guillaume Rager, product manager, CAST Software.

Smart hardware is only as good as its underlying software. Manufacturers have known for a long time that putting ‘glitchy’ software onboard devices is asking for trouble. Poorly written software is one of the greatest safety issues today.  We’ve seen countless examples of when violations of good coding and architectural practices cause an application to be less reliable and less secure.

In the IoT, this can be downright dangerous. If the smart device is a light switch that turns on when you enter the room, badly written code might result in a stubbed toe. But if it’s a ‘smart’ smoke alarm, fire sprinkler system, or a pacemaker (which can typically contain up to 100,000 lines of code), human lives may be on the line.

IoT is not really creating new problems. Rather, it is exposing developers to problems and capabilities that are already well known, at least in some circles. For example, enterprise and web developers are very familiar with the need for robust security against local and remote attacks by checking or validating data.

The notion of input validation, as the first line of defense, is well accepted in connected systems today. However, IoT development expands the scope of those concerns. Embedded, device, and mobile developers need to start considering security challenges such as input validation during development. It will be too costly to redesign onboard systems to include these defenses after they have been shipped.

14714119_For editorial use only Road Record Jeep Grand Cherokee S-Limited
Jeep Cherokee

In the IoT ecosystem, first to market is often the market leader and developers are therefore under further pressure to get products released. However, this could mean sacrificing quality and dependability for speed – already an issue in many software-intensive environments today.

Despite developers’ best intentions, management is always looking for short cuts. Third-party components help offload some of the burden, but in the IoT, with more complexities and upkeep, components need to be maintained and updated to address problems, like security vulnerabilities, much faster.

One way to meet such demands and ensure the security and software quality of IoT devices is to adopt best practice around software quality, including:

  • Management needs to take responsibility for software assurance – Any manufacturer that doesn’t have a set of analytics to track their software risk – be it reliability, security or performance – will be negligent in their responsibility to customers.
  • Proper code review and repeat testing is a top priority – Manufacturers must communicate this message to development teams and call for stricter software quality measures.
  • Continuous deployment in the connected world becoming business-as-usual – With updates occurring non-stop, often multiple times a day, the software assurance burden on the software that interacts with IoT devices will be higher than ever. If the software isn’t continuously monitored and the code evaluated, this almost certainly guarantees failure.

In addition to measurement and analytics, education needs to be front and centre. We need to communicate with our peers about the direct link between software quality and security. Security vulnerabilities caused by poor coding or system architectural decisions can be some of the most expensive to correct.

By its nature, size, and complexity, software is almost impossible to completely protect from disruptions and breaches. In the IoT, those complexities expand. Understanding the importance of a secure architecture foundation and insisting that developers comply with industry standards will be the first line of defense. CAST can help, so they are not on their own.

The author of this blog is Guillaume Rager, product manager, CAST Software.

Comment on this article below or via Twitter: @M2MNow OR @jcm2m

RECENT ARTICLES
5th Edition Connected Africa announces Telecom Innovation & Excellence Awards 2024 banner

5th Edition Connected Africa announces Telecom Innovation & Excellence Awards 2024

Posted on: April 19, 2024

The International Center for Strategic Alliances (ICSA) has announced the 5th Edition Connected Africa- Telecom Innovation & Excellence Awards 2024, set to be held on 22 May 2024 in Johannesburg, South Africa. Under the theme “Building a Connected Global Economy,” the summit aims to influence the telecom in Africa. With a focus on fostering forward-thinking

Read more
local retailer taking care his business

Facilio launches refrigerant tracking and leak detection software

Posted on: April 19, 2024

Property operations software firm Facilio has announced the launch of its ready-to-deploy refrigerant tracking and leak detection software solution. This is meant for all grocery and convenience store operators who want to implement an automatic leak detection system to identify and mitigate potential refrigerant leaks to achieve 100% compliance.

Read more
FEATURED IoT STORIES
What is IoT answer

What is IoT? A Beginner’s Guide

Posted on: April 5, 2023

What is IoT? IoT, or the Internet of Things, refers to the connection of everyday objects, or “things,” to the internet, allowing them to collect, transmit, and share data. This interconnected network of devices transforms previously “dumb” objects, such as toasters or security cameras, into smart devices that can interact with each other and their

Read more
iot adoption

The IoT Adoption Boom – Everything You Need to Know

Posted on: September 28, 2022

In an age when we seem to go through technology boom after technology boom, it’s hard to imagine one sticking out. However, IoT adoption, or the Internet of Things adoption, is leading the charge to dominate the next decade’s discussion around business IT. Below, we’ll discuss the current boom, what’s driving it, where it’s going,

Read more

9 IoT applications that will change everything

Posted on: September 1, 2021

Whether you are a future-minded CEO, tech-driven CEO or IT leader, you’ve come across the term IoT before. It’s often used alongside superlatives regarding how it will revolutionize the way you work, play, and live. But is it just another buzzword, or is it the as-promised technological holy grail? The truth is that Internet of

Read more
IoT Now Enterprise Buyers’ Guide Which IoT Platform 2021

Which IoT Platform 2021? IoT Now Enterprise Buyers’ Guide

Posted on: August 30, 2021

There are several different parts in a complete IoT solution, all of which must work together to get the result needed, write IoT Now Enterprise Buyers’ Guide – Which IoT Platform 2021? authors Robin Duke-Woolley, the CEO and Bill Ingle, a senior analyst, at Beecham Research. Figure 1 shows these parts and, although not all

Read more
CAT-M1 vs NB-IoT

CAT-M1 vs NB-IoT – examining the real differences

Posted on: June 21, 2021

As industry players look to provide the next generation of IoT connectivity, two different standards have emerged under release 13 of 3GPP – CAT-M1 and NB-IoT.

Read more
internet of things isometric illustration of connected things

IoT and home automation: What does the future hold?

Posted on: June 10, 2020

Once a dream, home automation using iot is slowly but steadily becoming a part of daily lives around the world. In fact, it is believed that the global market for smart home automation will reach $40 billion by 2020.

Read more
iot challenges and issues

5 challenges still facing the Internet of Things

Posted on: June 3, 2020

The Internet of Things (IoT) has quickly become a huge part of how people live, communicate and do business. All around the world, web-enabled devices are turning our world into a more switched-on place to live.

Read more