Breaking News
Comments
Newest First | Oldest First | Threaded View
Page 1 / 3   >   >>
Caleb Kraft
User Rank
Blogger
great points
Caleb Kraft   11/21/2013 4:49:02 PM
NO RATINGS
Great points all around. I'd love to see this revisited in 2 years to see what is at the top of the list then!

LarryM99
User Rank
CEO
Special attention to video
LarryM99   11/19/2013 7:54:10 PM
NO RATINGS
Very good article. One thing that I would add, though, is the need to particularly lock down video feeds. This is an item that many people add to increase security but neglect to adequately lock down. Not only does that make it handy for an intruder to surveil the premises, but it can also provide a convenient open window. Peeping toms no longer have to hide in the bushes outside of a physical window.

LarryM99
User Rank
CEO
Re: How about gateways?
LarryM99   11/19/2013 7:47:20 PM
NO RATINGS
I recently upgraded my home router, and I was impressed by how locked down the new one was by default. They randomized the SSID, closed down any inbound connections by default, turned off ping response, provided a unique default password, and a number of other enhancements. It is still quite possible to override these settings, but a user that doesn't do that will be much safer by default with new equipment like this.

Charles.Desassure
User Rank
Manager
Come on...
Charles.Desassure   11/19/2013 1:33:42 PM
NO RATINGS
Thanks for the wonderful recommendations and suggestions.  It is not the IoT that is the problem.  The weakest link in Information security is people.  As long as the average person do not know the meaning of "outbound"; or how about "HTTPS and SSL"; and what about "backdoor."  Come on...Once again, wonderful suggestions.

chanj0
User Rank
Manager
Re: How about gateways?
chanj0   11/19/2013 12:59:36 PM
NO RATINGS
Your home network gateway plays an important role to the security of your home network as well. Typically, my gateway doesn't listen to any port in the extenal network. If it does, I only allow connection from a specific IP address, e.g. my office gateway address. 5 tips in this article are very good. I am sure there will be more tips and in some IoT application, some tips may be found difficult to apply. Nonetheless, this article is a good starting point to develop a complete list. Security is no doubt the main concern in IoT. The sooner the list is nailed down, the better security we will earn.

Caleb Kraft
User Rank
Blogger
Re: How about remote commands?
Caleb Kraft   11/19/2013 12:53:16 PM
NO RATINGS
true, and unfortunately so much security is only advanced due to the research that malicious people do. it is very hard to predict the weak points far down the road.

Caleb Kraft
User Rank
Blogger
Re: How about gateways?
Caleb Kraft   11/19/2013 12:52:19 PM
NO RATINGS
If you're referring to most routers in public or in your homes, this shouldn't really be an issue. IoT devices should work just like a PC, phone, tablet etc. It should ask for an IP via dhcp just like everything else.

RichQ
User Rank
CEO
Re: How about remote commands?
RichQ   11/19/2013 12:09:25 PM
NO RATINGS
Thanks for the additional information and the link, Howdy. It helps clarify some things for me.

howdypierce
User Rank
Rookie
Re: Howdy, Howdy
howdypierce   11/19/2013 10:03:52 AM
NO RATINGS
Cuno--

Thank you for your comments.

SSL and the related protocols are definitely a pain in the rear ... a comment that applies to security generally :)

However, at least for Wi-Fi-based products, the computational overhead of SSL is basically something you're paying for already. For instance, if your silicon is capable of joining a WPA2 network, it's capable of AES encryption. We are seeing components from several major vendors targeted at exactly this application, and they've normally got SSL, HTTPS, and so on built in at relatively decent prices, at least in volume.

If instead you are talking about Zigbee and the other 802.15.4 protocols, then yes, those chips don't normally offer SSL support (at least as far as I'm aware).  But in this case, you're typically not talking about using IP on the device; instead, the gateway between 802.15.4 and IP would translate between the non-IP protocol and the IP backhaul to the cloud, and that's the point at which you'd apply SSL.  (As I said in another comment, though, I'd want to think hard about the security of this configuration more generally.  I'm not sure I'd trust, for instance, a Zigbee-based lock on my front door.)

howdypierce
User Rank
Rookie
Re: How about remote commands?
howdypierce   11/19/2013 9:53:04 AM
NO RATINGS
Rich,

Thanks for the really good comments.  

Regarding the role of the gateway between the IP-based network and the 802.15.4 protocols (of which Zigbee is but one example) -- there are a whole host of issues here and probably deserving of an entire blog post. (To address Bert's comment: This configuration is common because of the very low power requirements of 802.15.4. Unfortunately, typically the IP communcations are terminated at the gateway instead of being carried all the way to the device.)  Specifically regarding the security of this configuration, I think there are likely to be vulnerabilities there, at least if you assume that attackers can get reasonably close to your 802.15.4 network.  Definitely something to worry about.

Regarding how you engineer things to statisfy my "outbound connections only" rule, I have another blog post addressing that: http://www.cardinalpeak.com/blog/?p=1791

Page 1 / 3   >   >>


Flash Poll
EE Life
Frankenstein's Fix, Teardowns, Sideshows, Design Contests, Reader Content & More
Engineer's Bookshelf
Caleb Kraft

The Martian: A Delightful Exploration of Math, Mars & Feces
Caleb Kraft
6 comments
To say that Andy Weir's The Martian is an exploration of math, Mars, and feces is a slight simplification. I doubt that the author would have any complaints, though.

The Engineering Life - Around the Web
Caleb Kraft

Surprise TOQ Teardown at EELive!
Caleb Kraft
1 Comment
This year, for EELive! I had a little surprise that I was quite eager to share. Qualcomm had given us a TOQ smart watch in order to award someone a prize. We were given complete freedom to ...

latest comment elctrnx_lyf congrats to rajeev prasad !!!
Design Contests & Competitions
Caleb Kraft

Join The Balancing Act With April's Caption Contest
Caleb Kraft
58 comments
Sometimes it can feel like you're really performing in the big tent when presenting your hardware. This month's caption contest exemplifies this wonderfully.

Engineering Investigations
Caleb Kraft

Frankenstein's Fix: The Winners Announced!
Caleb Kraft
8 comments
The Frankenstein's Fix contest for the Tektronix Scope has finally officially come to an end. We had an incredibly amusing live chat earlier today to announce the winners. However, we ...

Top Comments of the Week
Like Us on Facebook
EE Times on Twitter
EE Times Twitter Feed

Datasheets.com Parts Search

185 million searchable parts
(please enter a part number or hit search to begin)