Five Ideas for Developing a Safer IoT Device

By Special Guest
Evgen Ilyenko, Project Head at CLAP, smart home system
May 01, 2018

Modern IoT devices have proven to be rather vulnerable to hacker attacks. Unlike traditional servers that have advanced defense systems, IoT devices are far less resistant to unauthorized breaches. Statistically speaking, every tenth smart home system in the USA is hacked at least once in its lifespan.  

For the average user, a gadget’s security is not the number one priority compared to its primary functions or appealing design. For developers, creating a reliable security system usually means drastically increasing production costs – in my experience, developing informational and technical security consumes at least 50 percent of the product’s budget.

In fact, most startups on low budgets do not allocate the necessary financing to their product’s security. Nonetheless, although the high costs make guaranteeing security difficult for developers, the greatest responsibility for ensuring the security of IoT lies with them.

Here are five simple steps you can take to make your products safer:

Remind users to change factory passwords. Inform your users that they should never leave default login credentials active, unless they want to make an intruder’s life very easy.

Strangely enough, most users tend not to change their default password settings, considering them secure. This can be a fatal mistake, because many IoT devices are vulnerable to cyber-attacks, DDoS attacks among them. Though they are not powerful computers, most IoT appliances are able to generate large amounts of parasitic traffic and send it to servers – especially when a couple of gadgets are simultaneously connected to one network.

Remind your users via e-mail or push notifications on the gadget’s interface that the current password is not safe. You can even limit the device’s functions until the user takes the necessary actions and changes their password. Another good idea is to set a mandatory password change during the first start-up of the device.
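A sketch of the forced password change and the limited-function mode described above, as an added example that is not CLAP's code. The factory password, the function names (`status`, `unlock_door`) and the 10-character minimum are assumptions made for illustration.

```python
import hashlib
import hmac
import os

FACTORY_PASSWORD = "admin"                      # constructed sample default
ALLOWED_BEFORE_CHANGE = {"status", "change_password"}   # hypothetical function names


def hash_password(password: str, salt: bytes) -> bytes:
    # Salted, iterated hash so the stored value is not the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class Device:
    def __init__(self):
        self.salt = os.urandom(16)
        self.pw_hash = hash_password(FACTORY_PASSWORD, self.salt)
        self.must_change = True     # set at manufacture, cleared only by a real change

    def check(self, password: str) -> bool:
        candidate = hash_password(password, self.salt)
        return hmac.compare_digest(candidate, self.pw_hash)   # constant-time compare

    def change_password(self, old: str, new: str) -> bool:
        if not self.check(old):
            return False
        # Refuse the factory value itself and anything trivially short.
        if new == FACTORY_PASSWORD or len(new) < 10:
            return False
        self.salt = os.urandom(16)
        self.pw_hash = hash_password(new, self.salt)
        self.must_change = False
        return True

    def call(self, password: str, function: str) -> str:
        if not self.check(password):
            return "denied"
        # Until the default is replaced, only a minimal set of functions works.
        if self.must_change and function not in ALLOWED_BEFORE_CHANGE:
            return "change-password-required"
        return "ok"
```
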

Provide security for access channels. Most users want to have full access to their devices at any time and from anywhere in the world – that is when remote control via apps and web interfaces comes in handy. When a gadget can be directly accessed through the internet, it becomes vulnerable to bots that scan networks and analyze IP-addresses. If such a bot finds any device on the other end, it automatically launches other bots that try to hijack it.

Instead of exposing an IoT device directly, you can route access to it through your own server, guaranteeing the security of the transaction. For example, if you develop a smart home solution, avoid installing a server in the customer’s apartment: just transfer information from a hub and all sensors to your server remotely.

Use two-factor authentication. Single-factor authentication (using just a password) is slowly becoming obsolete, while multi-factor authentication is considered the new industry standard. It shields a user’s account with a second safety layer against unauthorized intrusion. For example, a user may first log in with a password, and then enter a special code provided by your company via SMS.

Another good idea is to use a security token. The user can install a special app on their smartphone that generates a new password every few minutes, without which no one can access the gadget.

Think of biometry. You can drastically decrease the chance of your devices being hijacked with the help of fingerprint, face or voice recognition authorization. Each of these characteristics is unique to a person. However, one potential drawback of this method is that health decline can distort the authorization process – a person’s voice can change because of sickness and age can obscure fingerprints.          

Apart from that, using biometry checks can have great safety advantages. Developers should consider which method is best suited to their device.

If, for example, a user spends most of his or her time wearing gloves (a doctor or a laboratory worker), then obviously a fingerprint scan can get problematic. When we are talking about smart climate control, voice authorization is not the best idea – people sleeping at night won’t be happy to be disturbed. Optic scanners may also prove useless in dusty or humid premises with a high level of air pollution.       

Do not forget to update your devices remotely. In time, most versions of libraries and operating systems become obsolete, clearing the way for unauthorized breaches – hackers eventually develop ways to break through their security systems. What starts out as the safest gadget in the world can become really vulnerable over time.

Many devices do not have an inbuilt function for remote automatic updates. The only thing a user can do with them in case of attack is to disconnect the device and replace it with a safer counterpart - not the best way to build customer loyalty. That is why it is crucial to update your gadgets remotely, which can even be done without disturbing the user.

In Conclusion
Most experts see IoT as a Wild Wild West of technology, where there are no exact rules or user standards. Where might this lead us?

One possible scenario is that users will realize the importance of their safety, and choose regular devices over smart ones. Between comfort and private data safety, people are most likely to choose the latter.

Another outcome could be more Orwellian: IoT’s security may fall into the hands of different governments, which would provide stability and safety by enabling mandatory certification.

Such safety regulations have been discussed and even introduced in Italy, Britain and the US. Such norms can negatively influence IoT development and result in additional production costs.

To prevent such scenarios from happening, IoT developers should make their product’s safety a top priority.

Though it might not be possible to make a product that is 100 percent secure, we absolutely must channel our efforts into tackling this problem, developing an internet of things that is as safe as it can be.

About the author: Evgen Ilyenko, Project Head at CLAP, has more than 10 years of experience in project management. CLAP has created a smart home system that looks after comfort, energy and cost efficiency and safety. CLAP can at the same time monitor access to the apartment, secure property, oversee the temperature level in the house, adjust the heating mode, estimate utility costs and pay the bills.

Edited by Ken Briodagh