As we connect household devices to the Internet of Things (IoT), we simultaneously make it easier to attack the security of these devices, and increase the value of a successful attack.
It used to be academically interesting, perhaps, that an attacker could compromise an unconnected home thermostat. Today, it's another thing entirely that an attacker can potentially target thousands of home thermostats from afar, determine which ones have been set in vacation mode for the next week, and remotely open the corresponding garage doors for his local accomplice to pull right in.
A typical IoT device communicates with a server located in the cloud, probably over a RESTful API. The software clients used to control the IoT device, such as smartphone apps, also normally communicate with the server -- therefore all connections flow through the cloud.
Whether you are designing a connected refrigerator, security access control system, baby video monitor, or system to control the release of chemicals into a pool or spa, you need to adopt some security best-practices. Here are five best-practices to ensure security:
- Use outbound connections only. Open TCP ports on an IoT device are an engraved invitation to hackers. The most secure devices don't have any open ports. Instead, all connections are initiated from the device to the cloud.
- Use HTTPS and SSL. Many home WiFi networks are either wide open, or protected by the most trivial passwords, and DNS also is not hard to spoof. A secure system uses HTTPS (or another SSL-based protocol) to communicate with the server. Implemented correctly, SSL guarantees the identity of your cloud server -- preventing a man-in-the-middle attack -- and simultaneously ensures that the data you are passing to the server cannot be passively sniffed.
- Close debug access points. A successful IoT product will sell millions of units. If the target is interesting enough, assume that attackers will reverse engineer the device to determine its vulnerabilities. Now, reverse engineering is hard to completely prevent, but vendors don't need to roll out the red carpet. Before shipping the device, any debug access points -- whether physical connectors like serial ports or JTAG headers, or software ports like telnet or ssh ports -- should be closed.
- No backdoors. One might think this idea would be obvious, yet we still see it distressingly often. Assume an attacker has access to your full source tree and therefore knows all your secrets. Don't leave hard-coded means of accessing special functionality in your product.
- Pay the security maintenance tax. Even if product design teams do everything right before launch, selling a connected device implies an organizational commitment to keep the device secure in the face of newly discovered security holes. For this reason, IoT devices need to have a secure mechanism to update their firmware "over the air," and IoT vendors need to dedicate engineering resources to tracking published vulnerabilities and taking the necessary steps to update firmware when required.
Simply put, if embedded device vendors are going to continue to invest in developing Internet-enabled products, engineering teams need to ensure these devices are secure. Starting with these best-practices will provide a decent baseline for security.
— Howdy Pierce is Managing Partner at Cardinal Peak, an engineering services firm that develops embedded systems.