by Alan Grau, President – Icon Labs
Wireless connectivity is a critical component for many new IoT devices. The advantages are obvious, but what is perhaps not as obvious is the cyber threats that these devices are exposed to over these wireless networks.
Reported hacks against IoT devices include things as diverse as remotely flushing IoT connected toilets, intercepting and re-streaming video from Internet camera systems, unlocking smart door locks, and remote hacking of cars. The implications are obvious.
Wireless Connectivity
The majority of IoT devices connect either directly or indirectly to the Internet using a variety of wireless protocols including WiFi, 6LoWPAN, ZigBee, Bluetooth®, WiMax, cellular, Z-Wave, ANT+, etc. Wireless connectivity is extremely convenient and enables a host of features that would not be possible otherwise. While valuable, wireless connectivity provides an attack vector that can be targeted by anyone with close physical proximity to the wireless device.
Unsurprisingly, given the rapid deployment of new devices, vulnerabilities have been reported in many different types of devices. Internet connected light bulbs using 6LoWPAN mesh networks have been hacked, smart meters have been compromised via an optical debug port, and wireless smart home devices have been compromised.
Protecting Wireless IoT Devices
These devices are cost sensitive and they’re built with the lowest cost CPU and minimum memory required to support their function. Due to the limited resources available, they are not able to run a traditional operating system such as Linux, but instead run a specialized embedded operating system or RTOS (Real-Time Operating System). As a result, the homeowner using smart home devices cannot install security software onto the device. The solution is for security to be designed into the device itself.
While these devices are characterized by minimal processing resources, they include a TCP/IP stack or other communication interface and utilize the Internet for reporting, configuration and control functions. As their numbers skyrocket, so has the number of cyber attacks targeting these devices. To protect against the growing threat from hackers, these devices require robust, multi-layered security to protect against attacks.
The embedded marketplace needs a resource-friendly security solution specifically designed to provide sensible defensive capabilities against a variety of Internet-based attacks.
Making a Secure Wireless Device
Building protection into the device itself provides a critical security layer—the devices are no longer dependent on the corporate firewall as their sole layer of security. In addition, the security can be customized to the needs of the device.
Security must be considered early in the design of a new device or system. Support for secure boot requires specific hardware capabilities, so this capability must be considered prior to selecting hardware. Security capabilities that must be considered include secure boot, secure firmware update, secure communication and data security. Security management and intrusion detection are also important, and often overlooked in IoT devices.
Summary
Today’s IoT devices are complex connected computers that perform critical functions. These devices frequently communicate over wireless networks, creating an attack vector that can be easily accessed. Including security in these devices is a critical design task. A comprehensive security framework can provide critical security capabilities to ensure device security.
Alan Grau is president and co-founder of Icon Labs, a leading provider of security software for IoT and embedded devices. He is the architect of Icon Labs’ award winning Floodgate Firewall. Icon Labs was named a 2014 Gartner “Cool Vendor” and 2015 Gartner “Select Vendor,” and is focused on creating The Internet of Secure Things by providing security from and for even the smallest IoT devices.
Alan has 25 years’ experience in telecommunications and the embedded software marketplace. On December 29, 1992 Alan co-founded Icon Labs, an embedded systems software development company whose clients include Motorola, Lucent Technologies, Intel and Tellabs. Prior to founding Icon Labs, he worked for AT&T Bell Labs and Motorola. Alan has an MS in computer science from Northwestern University. You can reach him at alan.grau@iconlabs.com
About Icon Laboratories, Inc.
Icon Labs, a 2014 Gartner “Cool Vendor” and 2015 Gartner “Select Vendor,” is a leading provider of security solutions for IoT and embedded devices, including the award winning Floodgate Defender and Floodgate Security Framework. Founded in 1992, Icon Labs is headquartered in West Des Moines, Iowa. For more information, visit www.iconlabs.com
(264)
