Subscribe to our Newsletter | To Post On IoT Central, Click here


iot security (6)

The companies behind smart home devices are tasked with performing something of a balancing act: customers want full featured devices with the convenience of easy purchasing and control over their homes by voice, but those features can be at odds with the cumbersome security measures that would ensure greater safety.
Read more…

This is my first post on IoT Central.  Looking forward to hearing more about IoT from the members.  

I am curious to see what people think of the MKR Labs report on how hackers can turn your Amazon Echo into a listening device.  According to the report, tt seems one of Amazon's most popular and new products is vulnerable to "a physical attack that allows an attacker to gain a root shell on the underlying Linux operating system and install malware without leaving physical evidence of tampering."  This type of malware can give hackers remote access to your Echo.  It will also give them the ability to grab customer authentication tokens and the ability to stream live microphone audio to any other remote services without altering the functionality of the device.  

Today, GearBrain did a post on this news.  I am curious to see what others think about this type of hacking and how big of an issue you think this is to Amazon and other manufacturers of voice controlled digital assistants like Echo.  

Read more…
An accurate and well-structured security analysis is the key for a holistic security concept and therefore for a secure product. But planing and performing a security analysis can be a hard nut to crack. After collecting experience in more than 6 big IoT projects over the last 2 years I decided to share some key facts that can make your life easier if you have to go the same way.
Read more…
Since many embedded devices are deployed outside of the standard enterprise security perimeter, it is critical that security be included in the device itself. Ultimately, some combination of hardware and software may be required. Building protection into the device itself provides a critical security layer whatever options are used. Security must be considered early in the design of a new device or system.
Read more…

The Internet of Things is changing the world, heralded as one of the most pivotal technology trends of the modern era. We are getting ready to enter a time where everything, quite literally, is connected to the Internet.

For the industrial sector, this is a new area of exploration. Factories have smart infrastructures that use sensors to relay data about machine performance. Cities have smart grids that monitor everything from traffic to the energy used by streetlights. Hospitals can monitor the health of high-risk, at-home patients.

In other words, we are entering a hacker's dream world.

Recent attacks, like the Christmas 2015 attack on the Ukraine power grid, have shown that the Internet of Things possesses severe vulnerabilities. These weak points can be everything from back doors that allow a hacker access to a system to lack of proper use by untrained workers. If your business uses IoT devices, there’s a good chance they are not secure.

Why are so many systems left vulnerable? Weaknesses often come from the same set of five drivers:

 

Source: Allerin

Whether your company is struggling because your devices were deployed too quickly or operational costs constraints got in the way, your team must take measures to fix security risks. Here are four security flaws:

1. Lack of Encryption

Any device that is connected to the Internet to relay data needs encryption. When communication between devices and facility machines are now encrypted, it provides a doorway for hackers to send malicious updates, steal data, and even take control of the system. 

In 2014, an Israeli security firm took control of cars using a specific connected telematics device that failed to use proper encryption.

2. Failing to Install Updates

Once you have a machine-to-machine communication​ system working properly, it can be easy to forget to install the necessary updates to keep the network secure. 

Yet, hackers are constantly updating their strategies and tactics. Failing to install updates and patches leaves your system vulnerable. 

Even if you’re worried about breaking integrations between systems, you should at the least install every security update released by the vendor. These updates are specifically designed to address vulnerabilities discovered in your devices. After all, if your vendor releases a security update, it’s because they found a problem.

You also should know that updates and patches are not always the final solution to security vulnerabilities. Unfortunately, many manufacturers are not able or willing to provide the necessary support to continue updating their devices. 

To avoid this risk, shop carefully for systems that provide updates and are backed by a trusted company.

3. Poorly Built Networks

The modern industrial network is designed to get tasks done. If the design focuses too much on completing that task, it will leave weak points in security. Things that are obvious when building IT networks are sometimes less obvious when creating industrial DNP3 and other network architecture.

The solution to this risk is fairly simple. Those tasked with building industrial networks need to ensure they are partnering with IT professionals to build networks that are safer from attacks. Security features, like deep packet inspection and network segmentation, should be in place from the beginning.

4. Sensors Outside of the Company's Control

Most of the sensors and other connected pieces that make up a network are controlled by the company. But for some companies, that is not the case. For example, power companies have sensors in their customer's homes. 

Sensors outside of the company's immediate control are hard to secure, which gives hackers access. Currently, cloud-based security using public key services to authenticate devices may be the best solution to this problem.

Don't Take The Risk

Industrial security breaches can cause devastating consequences.​ Therefore, the above risks need to be addressed.

As more industrial facilities rely on the Internet of Things, it's important for company teams to be aware of the potential vulnerabilities. Take security into full consideration.

Read more…

Upcoming IoT Events

More IoT News

IoT Career Opportunities