Internet of Things (IoT) security is an arms race between the companies developing IoT solutions and the hackers who see value in compromising those solutions. It’s a race hackers are handily winning in large part because companies—and consumers—haven’t yet taken IoT security seriously. While the race favors the hacker, it's nevertheless possible to "win" via pragmatic strategies that minimize risk.
IoT security spans the components of a solution (e.g., sensors, devices, gateways, servers), the communication between these components, and the data they store. Securing each of these presents unique challenges and considerations. Transport Layer Security (TLS) can secure communication, for example, but low-powered sensors and devices are often ill-equipped to negotiate TLS sessions.
Additionally, companies often have little control over the security of third-party components such as the cloud-hosted servers with which their devices communicate, and must rely on third-party vendors to adequately defend against and respond to attacks. These vendors may lack a satisfactory security architecture, appropriate incident response plans, and transparency about security with customers.
Amidst all of this is the reality that security must be balanced against other requirements. Mitigating potential physical and remote attacks typically impacts other aspects of the IoT solution, like cost, form factor, power consumption, and user experience, all of which must be taken into consideration. Meanwhile, security itself is a moving target, with attackers constantly developing new attacks; an adequately secure IoT solution today will likely not remain so throughout its useful lifespan.
Although companies will never be able to declare total victory over hackers, it is still possible to "win" the arms race via a balanced and thoughtful approach to security that reduces the value of hacking an IoT solution below the cost of actually doing it. Such a strategy will focus as much on mitigating exploits as on preventing them. Here are some best practices:
- Ask questions. Attackers may target any component of an IoT solution to accomplish any number of goals, including accessing data, controlling components, and disrupting service. It is critical to understand both how an IoT solution might be compromised and what a hacker might gain in doing so. Once understood, mitigation strategies will necessarily vary by component and solution—light bulb security, for example, will differ from that of medical device security. Be aware that mitigation strategies themselves might introduce new risks. Firmware updates, for example, might fix vulnerabilities, but could allow an attacker to inject malicious software.
- Constrain the scope of potential threats. Consider threats to each component in the IoT solution. Would, for example, a potential compromise affect a single device or the entire fleet? Would an exploit require physical access or might it be executed over the Internet? Does it allow the hacker to falsify data, control devices, or alter the solution's behavior? Favor security strategies, such as device-specific authentication against a server, that can only be beaten by physical attacks, that compromise only individual units, and that minimize resulting damage.
- Collect and act on anomalous behavior. Servers, in contrast to other components, generally have "infinite" bandwidth, memory, storage, and computation power. Take advantage of this! Server-side logging, for instance, provides transparency essential to troubleshooting anomalies, including suspect sensor readings, questionable control requests, and unexpected communication frequency. Servers capable of detecting and acting on anomalies are invaluable.
- Include user validation of critical functions. In the same manner credit card companies might ask for verbal confirmation of recent charges, consider incorporating user validation for critical functions and to validate anomalies. Validation can entail everything from acknowledging a notification to physically interacting with components.
- Secure data against unauthorized access. Data stored in components ("data at rest"), communicated between components ("data in motion"), and shown to users via interfaces and APIs ("data in use") will be targeted by hackers hoping to access, forge, and disrupt it. Data in motion can be secured via TLS, assuming the component supports it, and data in use should incorporate authentication and access control. Data at rest, which includes passwords and keys, can be the most difficult to secure and may necessitate encrypting the data itself to prevent a successful compromise from yielding usable information.
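The device-specific authentication recommended under "Constrain the scope of potential threats" can be sketched as follows. This is an added example, not code from the original article; the key-derivation scheme, the message layout, and the names `derive_device_key`, `sign_report` and `Server` are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

# Assumption: the server keeps one fleet master secret (in practice inside an
# HSM or KMS) and only the derived per-device key is ever written to a device.
MASTER_SECRET = os.urandom(32)  # constructed for this example


def derive_device_key(master: bytes, device_id: str) -> bytes:
    """Derive a key unique to one device, using HMAC-SHA256 as the KDF."""
    return hmac.new(master, b"device-key:" + device_id.encode(), hashlib.sha256).digest()


def sign_report(device_key: bytes, device_id: str, counter: int, payload: bytes) -> bytes:
    """Device side: authenticate a report under this device's key and counter."""
    ident = device_id.encode()
    # Length-prefix the ID and fix the counter width so fields cannot be shifted.
    msg = len(ident).to_bytes(2, "big") + ident + counter.to_bytes(8, "big") + payload
    return hmac.new(device_key, msg, hashlib.sha256).digest()


class Server:
    def __init__(self, master: bytes):
        self._master = master
        self._last_counter = {}  # device_id -> highest counter accepted so far

    def verify(self, device_id: str, counter: int, payload: bytes, tag: bytes) -> bool:
        key = derive_device_key(self._master, device_id)
        expected = sign_report(key, device_id, counter, payload)
        if not hmac.compare_digest(expected, tag):
            return False  # tag was not made with this device's key
        if counter <= self._last_counter.get(device_id, -1):
            return False  # replay of an earlier, validly signed report
        self._last_counter[device_id] = counter
        return True


def demo() -> dict:
    server = Server(MASTER_SECRET)
    key_a = derive_device_key(MASTER_SECRET, "sensor-A")  # provisioned into sensor-A
    tag = sign_report(key_a, "sensor-A", 1, b"temp=21.5")
    # Key material recovered from sensor-A is useless for speaking as sensor-B.
    tag_b = sign_report(key_a, "sensor-B", 1, b"temp=99.9")
    return {
        "genuine": server.verify("sensor-A", 1, b"temp=21.5", tag),
        "replay": server.verify("sensor-A", 1, b"temp=21.5", tag),
        "cross_device": server.verify("sensor-B", 1, b"temp=99.9", tag_b),
    }
```

Because each unit holds only its own derived key, physically extracting one key affects that unit alone, and the server can revoke it without touching the rest of the fleet.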
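The server-side checks described under "Collect and act on anomalous behavior" (suspect sensor readings, questionable control requests, unexpected communication frequency) might look like this. This is an added example, not code from the original article; the event format, thresholds and command allow-list are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque

# Constructed sample telemetry: (unix_time, device_id, kind, value).
EVENTS = [
    (1000, "thermo-1", "reading", 21.4),
    (1060, "thermo-1", "reading", 21.6),
    (1120, "thermo-1", "reading", 85.0),           # implausible jump
    (1125, "thermo-1", "control", "unlock_door"),  # not a thermostat command
    (1180, "thermo-2", "reading", 19.9),
    (1181, "thermo-2", "reading", 19.9),
    (1182, "thermo-2", "reading", 20.0),
    (1183, "thermo-2", "reading", 20.0),           # fourth message in 3 s
]

# Assumed policy values; in practice derive them from observed fleet baselines.
MAX_STEP = 5.0                  # largest believable change between readings
MAX_MSGS, WINDOW = 3, 30        # at most 3 messages per 30 s per device
ALLOWED_CONTROLS = {"set_target", "reboot"}


def detect(events):
    """Return (time, device, reason) alerts for the three anomaly classes."""
    last_value = {}                 # device -> last accepted reading
    recent = defaultdict(deque)     # device -> timestamps inside the window
    alerts = []
    for ts, dev, kind, value in sorted(events, key=lambda e: e[0]):
        window = recent[dev]
        window.append(ts)
        while window[0] <= ts - WINDOW:
            window.popleft()
        if len(window) > MAX_MSGS:
            alerts.append((ts, dev, "frequency"))
        if kind == "reading":
            prev = last_value.get(dev)
            if prev is not None and abs(value - prev) > MAX_STEP:
                alerts.append((ts, dev, "suspect_reading"))
            else:
                last_value[dev] = value  # an outlier never becomes the baseline
        elif kind == "control" and value not in ALLOWED_CONTROLS:
            alerts.append((ts, dev, "questionable_control"))
    return alerts
```

The alerts this returns are the natural trigger for the user validation described in the next practice, for example holding a flagged control request until the owner confirms it.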
Insecure IoT solutions are, initially at least, cheaper to build, and it's possible that sites like shodan.io, which, among other things, allow users to watch video feeds from insecure webcams, simply reflect the kind of security companies and consumers are willing to live with relative to what they’re willing to invest. Conversely, secure solutions are more costly upfront but much less likely to result in eventual catastrophes. However, by focusing on a pragmatic, effective approach to security, it is possible to produce secure IoT solutions that will reduce future risk without breaking the bank now.