Product Security Glossary

IoT Security

What is IoT Security?

IoT security is a set of principles and practices designed to protect Internet-connected devices from exploitation by attackers.

Why do we need IoT Security?

The Internet of Things (IoT) allows devices such as smart doorbells, security cameras, smart speakers, and remote sensors to communicate either with each other or with a central gateway. IoT devices are used in industry, in science, and to make people’s personal lives easier. You’ll see them in industrial control systems, remote weather stations, at home in your baby monitor or Alexa speaker, and many other places besides. And, if you have a fairly late-model car, you’re driving around with built-in IoT devices that maintain contact with the car manufacturer, a satellite radio service, and possibly other entities as well.

You need to be concerned with security any time that you’re online, even if it’s just with your normal computer.  IoT security is even more important because there’s more at stake.  To begin with, a compromised IoT device can seriously compromise your privacy.  For example, if someone could hack your smart electric meter and read the info that gets sent back to the electric company, he or she could build a profile of your life by viewing patterns of electricity usage. 
 
More importantly, a compromised IoT device could present a clear safety problem. 

Consider, for example, the following scenarios: 

  • Your health depends upon a medical device that needs to be constantly monitored. 
  • A factory depends upon a set of Internet-connected sensors to maintain safe working conditions. 
  • You’re concerned about your children, so you have a baby monitor in their bedrooms. 
  • You’re driving a late-model car, and someone hacks into the car’s control system and takes control away from you.  

In all these cases, proper IoT security could save lives, as well as protect people’s privacy.

How can we have proper IoT Security?

IoT devices can be a bit trickier to secure than your normal desktop computer. They’re mostly wireless devices that communicate via a variety of IoT wireless protocols. These wireless protocols must be properly secured in order to prevent hacks or data leaks. In addition, the operating system and applications on each IoT device must be configured securely, with proper access controls. For example, secret keys must be stored in a secure area that hackers can’t reach. Proper authentication is needed to ensure that only authorized personnel can log in. The boot process for each device must be safeguarded, to prevent attackers from replacing the legitimate operating system with something malicious. Such security measures are covered by many standards and best practices. For example, the IoTSF Secure Design Best Practice Guide offers good, clear guidance for any IoT developer.

If you check around, you’ll find IoT security businesses that can scan the firmware on your device to find any potential security vulnerabilities. 

Physical IoT security is a bit trickier, because many IoT devices must be out in the open where anyone can get to them. Still, there are some things that can be done to make it harder to hack an accessible device. For example, you might need to place a security camera into a tamper-resistant cage. 

Another IoT security challenge is that of legacy devices that were built before the Internet of Things became the pervasive reality that it is today.  These older devices, most of which have never been hardened against attacks, present a clear threat when connected to the Internet.  These devices need to be hardened, if at all possible.  If it’s not possible to harden them, they should be replaced with something that’s newer and more secure.