DTX Manchester DTX Manchester
  • About Us
Tuesday, 2 March, 2021
IT Security Guru
CTX Manchester 2020 banner ad
  • Home
  • Features
  • Insight
  • Events
    • Women in Cyber 2020
    • Women in Cyber 2020 [SPONSORS]
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Women in Cyber 2020
    • Women in Cyber 2020 [SPONSORS]
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

Embedded security a high priority for IoT designers

by The Gurus
March 22, 2017
in Editor's News
IoT map
Share on FacebookShare on Twitter

In early January, the FTC sued D-Link, a manufacturer of home wireless routers and webcams, for failing to adequately secure its devices, which led to several hundred thousand devices being compromised by cyberattacks. One of these botnet attacks resulted in a major DDoS attack on the internet service provider DYN and took down thousands of websites, costing businesses millions of dollars in a single afternoon.
This lawsuit has brought to light several important issues related to the Internet of Things and our ever-increasingly connected world. For starters, with more than 25 billion devices expected to be connected within the next three to five years, the potential attack surface for cybercriminals is growing exponentially. While hackers may not be interested in controlling, say, your household lighting, they are interested in the access that a connected device can provide to higher value targets, like your financial or health data. Not to mention, connected devices, as we saw in the case of D-Link devices, can serve as a conduit for botnets that will attack other targets. The average consumer is unlikely to realize that their home router or security camera is being used in such a way, making them an ideal tool for the bad guys.
Another issue that the D-Link lawsuit has brought to the forefront is the fact that until recently, IoT security has, for the most part, been left up to consumers. While connected devices can be secured at least in some part via passwords and other protocols, many users simply don’t take the steps necessary to adequately protect their devices. In a majority of cases, they don’t even know how to secure their devices.  One of the motivating factors for the FTC case, then, is to put more responsibility for security back on to device manufacturers.
With that in mind, embedded security for IoT devices is becoming a bigger priority for device engineers. While there are some challenges in this pursuit, there are also some innovations taking shape that will improve the overall security of the IoT.

What Is Embedded Security?

The idea of embedded operating systems is not a new one. For years, we have had devices that contain microprocessors to carry out specific functions. Because, for the most part, these devices were not connected to the internet, security wasn’t a major concern. The simple fact that devices were standalone – and the obscurity of the operating system itself — made them relatively secure.
Introducing a connection to the internet, though, removes some of that inherent security. Embedded security, then, is the overall term for protecting the software, hardware, and hardware systems in these devices. Essentially, since every point of communication is a potential path for hackers, engineers must consider the entire device and identify all of the attack surfaces in order to keep it secure.

Challenges to Embedded Security

Effective embedded security requires implementing both traditional IT defenses as well as addressing the physical security of the device itself. For example, within the realm of IT, designers must consider:

  • The use of firewalls
  • Password management
  • Protections against malware
  • Firmware and software updates, how and when updates will be released and communicated
  • Application segmentation
  • Encryption and key management

However, in addition to these technical issues, designers must also consider the physical security aspects of the device. For example, could a hacker potentially physically tamper with the device to access sensitive information or reverse engineer the device to spoof or clone a legitimate device? What about key authentication? By using cryptoauthentication, it’s possible to hardware-protect encryption keys, ensuring that hackers do not gain access to sensitive information.
Effectively securing IoT devices requires designers to conduct a thorough threat analysis to determine all of the possible attack points, and then implement security measures to protect against them. Keep in mind that not all hackers are engaged in crimes of opportunity, just trying to attack anything to see what they can accomplish.
It’s very possible that hackers could be engaged in high-level acts of espionage designed to steal intellectual property — or they are simply using an IoT device as a conduit to a larger payoff. Because any scenario is possible, embedded security is no longer a “nice to have,” but is now a “must have.” Relying solely on users to protect their devices is not only dangerous, but potentially costly to your business.

0 0 vote
Article Rating
FacebookTweetLinkedIn
Tags: CyberFirewallIoTsecurityTechnology
ShareTweetShare
Previous Post

Go Phish: Protecting your enterprise from the weakest link

Next Post

Why collaboration calls for increased security

Subscribe
Notify of
guest
guest
0 Comments
Inline Feedbacks
View all comments

Recent News

Dripping tap

Learning from past hacking attacks

March 2, 2021
Twitter Logo

Twitter tightens rules on the spread of misinformation

March 2, 2021
A crowd of Trump supporters

“GabLeaks”: Far-Right platform Gab is hacked, with posts leaked online

March 1, 2021
Coding in a laptop

Go is becoming the language of choice for malware developers

March 1, 2021

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Women in Cyber 2020
    • Women in Cyber 2020 [SPONSORS]
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

This site uses functional cookies and external scripts to improve your experience.

More information
wpDiscuz
0
0
Would love your thoughts, please comment.x
()
x
| Reply
Privacy Settings / PENDINGGDPR Compliance

Privacy Settings / PENDING

This site uses functional cookies and external scripts to improve your experience. Which cookies and scripts are used and how they impact your visit is specified on the left. You may change your settings at any time. Your choices will not impact your visit.

NOTE: These settings will only apply to the browser and device you are currently using.

GDPR Compliance

Accept