Eskenzi PR ad banner Eskenzi PR ad banner
  • About Us
Saturday, 1 April, 2023
IT Security Guru
Eskenzi PR banner
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

Embedded security a high priority for IoT designers

by The Gurus
March 22, 2017
in Editor's News
IoT map
Share on FacebookShare on Twitter

In early January, the FTC sued D-Link, a manufacturer of home wireless routers and webcams, for failing to adequately secure its devices, which led to several hundred thousand devices being compromised by cyberattacks. One of these botnet attacks resulted in a major DDoS attack on the internet service provider DYN and took down thousands of websites, costing businesses millions of dollars in a single afternoon.
This lawsuit has brought to light several important issues related to the Internet of Things and our ever-increasingly connected world. For starters, with more than 25 billion devices expected to be connected within the next three to five years, the potential attack surface for cybercriminals is growing exponentially. While hackers may not be interested in controlling, say, your household lighting, they are interested in the access that a connected device can provide to higher value targets, like your financial or health data. Not to mention, connected devices, as we saw in the case of D-Link devices, can serve as a conduit for botnets that will attack other targets. The average consumer is unlikely to realize that their home router or security camera is being used in such a way, making them an ideal tool for the bad guys.
Another issue that the D-Link lawsuit has brought to the forefront is the fact that until recently, IoT security has, for the most part, been left up to consumers. While connected devices can be secured at least in some part via passwords and other protocols, many users simply don’t take the steps necessary to adequately protect their devices. In a majority of cases, they don’t even know how to secure their devices.  One of the motivating factors for the FTC case, then, is to put more responsibility for security back on to device manufacturers.
With that in mind, embedded security for IoT devices is becoming a bigger priority for device engineers. While there are some challenges in this pursuit, there are also some innovations taking shape that will improve the overall security of the IoT.

What Is Embedded Security?

The idea of embedded operating systems is not a new one. For years, we have had devices that contain microprocessors to carry out specific functions. Because, for the most part, these devices were not connected to the internet, security wasn’t a major concern. The simple fact that devices were standalone – and the obscurity of the operating system itself — made them relatively secure.
Introducing a connection to the internet, though, removes some of that inherent security. Embedded security, then, is the overall term for protecting the software, hardware, and hardware systems in these devices. Essentially, since every point of communication is a potential path for hackers, engineers must consider the entire device and identify all of the attack surfaces in order to keep it secure.

Challenges to Embedded Security

Effective embedded security requires implementing both traditional IT defenses as well as addressing the physical security of the device itself. For example, within the realm of IT, designers must consider:

  • The use of firewalls
  • Password management
  • Protections against malware
  • Firmware and software updates, how and when updates will be released and communicated
  • Application segmentation
  • Encryption and key management

However, in addition to these technical issues, designers must also consider the physical security aspects of the device. For example, could a hacker potentially physically tamper with the device to access sensitive information or reverse engineer the device to spoof or clone a legitimate device? What about key authentication? By using cryptoauthentication, it’s possible to hardware-protect encryption keys, ensuring that hackers do not gain access to sensitive information.
Effectively securing IoT devices requires designers to conduct a thorough threat analysis to determine all of the possible attack points, and then implement security measures to protect against them. Keep in mind that not all hackers are engaged in crimes of opportunity, just trying to attack anything to see what they can accomplish.
It’s very possible that hackers could be engaged in high-level acts of espionage designed to steal intellectual property — or they are simply using an IoT device as a conduit to a larger payoff. Because any scenario is possible, embedded security is no longer a “nice to have,” but is now a “must have.” Relying solely on users to protect their devices is not only dangerous, but potentially costly to your business.

FacebookTweetLinkedIn
Tags: CyberFirewallIoTsecurityTechnology
ShareTweetShare
Previous Post

Go Phish: Protecting your enterprise from the weakest link

Next Post

Why collaboration calls for increased security

Recent News

Data Privacy Day: Securing your data with a password manager

For Cybersecurity, the Tricks Come More Than Once a Year

March 31, 2023
cybersecurity training

Only 10% of workers remember all their cyber security training

March 30, 2023
Pie Chart, Purple

New API Report Shows 400% Increase in Attackers

March 29, 2023
Cato Networks delivers first CASB for instant visibility and control of cloud application data risk

Cato Networks Recognised as Leader in Single-Vendor SASE Quadrant Analysis

March 29, 2023

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

This site uses functional cookies and external scripts to improve your experience.

Privacy settings

Privacy Settings / PENDING

This site uses functional cookies and external scripts to improve your experience. Which cookies and scripts are used and how they impact your visit is specified on the left. You may change your settings at any time. Your choices will not impact your visit.

NOTE: These settings will only apply to the browser and device you are currently using.

GDPR Compliance

Powered by Cookie Information