When Things Go Wrong with IoT Connectivity
When IoT connectivity goes wrong, it can go very wrong very quickly:
- In 2018, a couple in Portland, Oregon were horrified when they discovered that their Amazon Echo had secretly recorded their private conversation and sent it to one of their email contacts.
- The IoT search engine Shodan allows users to hunt for exposed IoT devices, including servers, cameras, appliances, and control panels.
- A “white hat” hacker spoke to an Arizona man through his IoT security camera, informing him that his password had been compromised and published online.
- In June 2019, medical device company Medtronic recalled 4,000 IoT insulin pumps after discovering a security hole that was not possible to patch.
- Multiple journalists and security researchers have demonstrated how an attacker can remotely seize control of an IoT-connected vehicle.
How to Prevent IoT Connectivity Risks
With all that said, how can you prevent a similar disaster scenario for your own IoT devices?
The most important thing is committing to making the effort to develop and maintain a secure IoT device. Far too many IoT development firms treat security as an afterthought, not a priority.
Part of the blame lies in the current state of the IoT consumer market. There’s a financial incentive for companies to get a jump on their business rivals by pushing their products out as quickly as possible. This is especially true for startups that are competing against mature, established IoT players like Amazon, Google, and Apple.
Security needs to be considered at every stage of the IoT development process, starting from design. Ask yourself questions such as:
- What kind of data will be collected by the device?
- What kind of data will be stored on the device?
- How does the device transmit information to other devices in the network?
- Is the data collected, stored, and transmitted by the device important enough to be encrypted while in transit and at rest?
Traditionally, IoT hardware security has received less of a focus due to the ease of physically accessing the devices (and thereby impersonating them by stealing their cryptographic key). However, this is changing with the growing adoption of hardware security modules (HSMs).
HSMs are physical computing devices that store SSL certificates without allowing users to tamper with them or read their contents. This feature enables an HSM to protect a device’s encryption key and prevent malicious users from impersonating it.
From a reactionary standpoint, enabling over the air (OTA) firmware updates is a very good idea. Installing updates remotely helps defend against security exploits and vulnerabilities that are discovered only after your product is released.
Creating Secure IoT Products
Security is an essential question for IoT connectivity. The good news is that you can take proactive steps to defend yourself and make your devices a less appealing target. However, you need to work with an IoT development company that knows IoT security best practices in order to mitigate your risk as much as possible.
Here at Very, IoT security is a preeminent concern from the start of every IoT project and throughout the development process. To learn more about how we create IoT products, check out our complete guide to IoT development.