Taking responsibility: Six ways developers and manufacturers can build a more secure IoT

Thomas Fischer of Digital Guardian

Poor IoT device security is a growing concern throughout the business world. Thomas Fischer, threat researcher and global security advocate at Digital Guardian, outlines six ways IoT product developers and manufacturers can prevent their devices from being turned into a botnet army.

Despite still being in its relative infancy, the Internet of Things (IoT) has already developed a reputation for poor security. Sadly, it is justified. With IoT spending sky high and demand only increasing, developers and manufacturers are rushing to put new products out into the marketplace. Unfortunately, this rush means robust security measures frequently become an afterthought, which inevitably results in users being put at risk.

Gartner estimates that over 20 billion IoT devices will be in the marketplace by 2020, so if even a fraction of these devices are unsecured it adds up to a big problem. Never has this been more apparent than in the wake of the DDoS assault on Dyn last year, which turned millions of malware-infected IoT devices into a botnet army, crippling the DNS provider and halting traffic to hundreds of popular websites including Facebook, Twitter and Amazon.

But despite such high-profile attacks making global headlines, the vast majority of consumers remain dangerously unaware of the security risks their exciting new IoT devices pose.

As connected devices increasingly permeate all aspects of our lives, the burden of properly securing them must fall squarely on product manufacturers and software developers. After all, it makes sense that those developing and profiting from IoT technology ensure the products they sell pose no risks to end user security or privacy.

World Cloud with Internet of Things related tags

With this in mind, below are six key areas that security efforts should focus on, in order to permanently improve the security of IoT devices and reduce the risk placed on consumers.

    • Device identity and authentication – Proper and secure authentication with individual device identification allows a secure connection to be built between the devices themselves and the backend control systems. If every device has its own unique identity, organisations will be able to confirm that the device communicating is indeed the one it claims to be. This requires individual device identification based on solutions like PKI.
    • Encryption – When utilising IoT solutions, organisations must encrypt traffic flowing between devices and backend servers. Ensuring that the commands are encrypted and looking at command integrity via signing or a strong encoding is vital. IoT devices should also encrypt any sensitive user data they collect.
    • Physical security – Physical security is paramount. Integrating tamper-proofing measures into device components should be at the forefront of all developers' minds as it ensures they cannot be decoded. Additionally, ensuring device data related to authentication, identification codes and account information is erased if a device becomes compromised will prevent private data from being used maliciously.
    • Streamlining update processes – Unfortunately, in their rush to get products to market, manufacturers sometimes build devices with no firmware update capability at all. Ensuring a consistent process that allows for flexible firmware deployment will allow developers to create new models while distributing security fixes universally across all existing product lines.
    • Coding securely – IoT developers must implement secure coding practices and apply them to the device as part of the software build process. Focusing on QA and vulnerability identification/remediation as part of the development lifecycle will streamline security efforts while helping to mitigate risk.
    • Build without backdoors – Today it is easy to build devices with a backdoor inside, for surveillance or law enforcement purposes. However, this practice compromises the integrity and security of the end user. Manufacturers must ensure that no malicious code or backdoor is introduced and the device’s UDID is not copied, monitored or captured. Doing so will guarantee that when the device registers online, the process is not captured or vulnerable to interception, surveillance or unlawful monitoring.
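
To make the first two points concrete, here is an added sketch (not code from the article or from Digital Guardian) of a device that accepts a backend command only if it is authenticated with that device's own key, addressed to that device, and not a replay. It uses per-device HMAC keys from the Python standard library as a stand-in for the PKI-based identity recommended above; the device IDs, keys and function names are constructed for illustration.

```python
import hashlib
import hmac
import json

# Constructed sample keys: one unique secret per device, provisioned at manufacture.
DEVICE_KEYS = {
    "cam-0001": bytes.fromhex("11" * 32),
    "cam-0002": bytes.fromhex("22" * 32),
}


def sign_command(device_id, counter, command, key):
    """Backend side: bind the command to one device and one counter value."""
    body = json.dumps(
        {"device": device_id, "counter": counter, "command": command},
        sort_keys=True, separators=(",", ":"),
    ).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest()
    return {"body": body.decode(), "tag": tag}


class Device:
    """Device side: accept only fresh commands authenticated for this device."""

    def __init__(self, device_id, key):
        self.device_id = device_id
        self.key = key
        self.last_counter = 0  # highest counter accepted so far

    def accept(self, message):
        body = message["body"].encode()
        expected = hmac.new(self.key, body, hashlib.sha256).hexdigest()
        # Constant-time comparison; verify the tag before parsing untrusted content.
        if not hmac.compare_digest(expected, message["tag"]):
            return "rejected: bad tag"
        fields = json.loads(body)
        if fields["device"] != self.device_id:
            return "rejected: wrong device"
        if fields["counter"] <= self.last_counter:
            return "rejected: replay"
        self.last_counter = fields["counter"]
        return "accepted: " + fields["command"]
```

Because each device holds a different key, a secret extracted from one unit cannot be used to forge commands for the rest of the fleet.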

The full potential of the IoT is still far from being realised, but as more IoT-related data leaks and cyber attacks make the headlines, manufacturers are coming under increasing pressure to improve the security of their products. If followed correctly, these six steps will not only allow providers of connected technology to remain competitive, but help to build an IoT which is more robust, better protected and safer for everyone.

The author of this blog is Thomas Fischer, threat researcher and global security advocate at Digital Guardian
