
Five Ideas for Developing a Safer IoT Device

Modern IoT devices have proven to be rather vulnerable to hacker attacks. Unlike traditional servers that have advanced defense systems, IoT devices are far less resistant to unauthorized breaches. Statistically speaking, every tenth smart home system in the USA is hacked at least once in its lifespan.  

For the average user, a gadget’s security is not the number one priority compared to its primary functions or appealing design. For developers, creating a reliable security system usually means drastically increasing production costs – in my experience, developing informational and technical security consumes at least 50 percent of the product’s budget.

In fact, most startups on low budgets do not allocate the necessary financing to their product’s security. Nonetheless, although the high costs make guaranteeing security difficult for developers, the greatest responsibility for ensuring the security of IoT lies with them.

Here are five simple steps you can take to make your products safer:

Remind users to change factory passwords. Inform your users that they should never leave default login credentials active, unless they want to make an intruder’s life very easy.

Strangely enough, most users tend not to change their default password settings, considering them secure. This can be a fatal mistake, because many IoT devices are vulnerable to cyber-attacks, DDoS attacks among them. Though they are not powerful computers, most IoT appliances are able to generate large amounts of parasitic traffic and send it to servers, especially when a couple of gadgets are simultaneously connected to one network.

Remind your users via e-mail or push notifications on the gadget’s interface that the current password is not safe. You can even limit the device’s functions until the user takes the necessary actions and changes their password. Another good idea is to set a mandatory password change during the first start-up of the device.
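The following sketch is an added example, not code from the article or from CLAP. It shows one way a device could limit its functions until the factory password is replaced; the `Device` class, the command names, the constructed default password `admin` and the 12-character minimum are all assumptions.

```python
import hashlib
import hmac
import os

FACTORY_PASSWORD = "admin"      # constructed default credential (assumption)
LIMITED_COMMANDS = {"status"}   # the only commands allowed before the change
MIN_LENGTH = 12                 # assumed minimum length for a new password

def _hash(password: str, salt: bytes) -> bytes:
    # Store a salted, slow hash, never the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class Device:
    def __init__(self):
        self.salt = os.urandom(16)
        self.pw_hash = _hash(FACTORY_PASSWORD, self.salt)
        self.must_change = True  # set at manufacture, cleared only by a real change

    def login(self, password: str) -> bool:
        return hmac.compare_digest(self.pw_hash, _hash(password, self.salt))

    def change_password(self, old: str, new: str) -> bool:
        if not self.login(old):
            return False
        # Reject "changes" that keep the default or pick a trivially short password.
        if new == FACTORY_PASSWORD or new == old or len(new) < MIN_LENGTH:
            return False
        self.salt = os.urandom(16)
        self.pw_hash = _hash(new, self.salt)
        self.must_change = False
        return True

    def run(self, password: str, command: str) -> str:
        if not self.login(password):
            return "denied: bad credentials"
        if self.must_change and command not in LIMITED_COMMANDS:
            return "denied: change the factory password first"
        return f"ok: {command}"
```
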

Provide security for access channels. Most users want to have full access to their devices at any time and from anywhere in the world – that is when remote control via apps and web interfaces comes in handy. When a gadget can be directly accessed through the internet, it becomes vulnerable to bots that scan networks and analyze IP-addresses. If such a bot finds any device on the other end, it automatically launches other bots that try to hijack it.

Instead of exposing an IoT device directly, you can route access to it through your own server, which guarantees the security of the transaction. For example, if you develop a smart home solution, avoid installing a server in the customer’s apartment: just transfer information from the hub and all sensors to your server remotely.

Use two-factor authentication. Single-factor authentication (using just a password) is slowly becoming obsolete, while multi-factor authentication is considered the new industry standard. It shields a user’s account with a second safety layer against unauthorized intrusion. For example, a user may first log in with a password, and then enter a special code provided by your company via SMS.

Another good idea is to use a security token. The user can install a special app on their smartphone that generates a new password every few minutes, without which no-one can access the gadget.

Think of biometry. You can drastically decrease the chance of your devices being hijacked with the help of fingerprint, face or voice recognition authorization. Each of these characteristics is unique to a person. However, one potential drawback of this method is that health decline can distort the authorization process – a person’s voice can change because of sickness and age can obscure fingerprints.          

Apart from that, using biometry checks can have great safety advantages. Developers should consider which method is best suited to their device.

If, for example, a user spends most of his or her time wearing gloves (a doctor or a laboratory worker), then obviously a fingerprint scan can get problematic. When we are talking about smart climate control, voice authorization is not the best idea – people sleeping at night won’t be happy to be disturbed. Optic scanners may also prove useless in dusty or humid premises with a high level of air pollution.       

Do not forget to update your devices remotely. In time, most versions of libraries and operating systems become obsolete, clearing the way for unauthorized breaches – hackers eventually develop ways to break through their security systems. What starts out as the safest gadget in the world can become really vulnerable over time.

Many devices do not have an inbuilt function for remote automatic updates. The only thing a user can do with them in case of attack is to disconnect the device and replace it with a safer counterpart - not the best way to build customer loyalty. That is why it is crucial to update your gadgets remotely, which can even be done without disturbing the user.

In Conclusion
Most experts see IoT as a Wild Wild West of technology, where there are no exact rules or user standards. Where might this lead us?

One possible scenario is that users will realize the importance of their safety, and choose regular devices over smart ones. Between comfort and private data safety, people are most likely to choose the latter.

Another outcome could be more Orwellian: IoT’s security may fall into the hands of different governments, which would provide stability and safety by enabling mandatory certification.

Such safety regulations have been discussed and even introduced in Italy, Britain and the US. Such norms can negatively influence IoT development and result in additional production costs.

To prevent such scenarios from happening, IoT developers should make their product’s safety a top priority.

Though it might not be possible to make a product that is 100 percent secure, we absolutely must channel our efforts into tackling this problem, developing an internet of things that is as safe as it can be.

About the author: Evgen Ilyenko, Project Head at CLAP, has more than 10 years of experience in project management. CLAP has created a smart home system that looks after comfort, energy and cost efficiency and safety. CLAP can at the same time monitor access to the apartment, secure property, oversee the temperature level in the house, adjust the heating mode, estimate utility costs and pay the bills.

Edited by Ken Briodagh