Smart City

Smart City Sentinel

Five Ideas for Developing a Safer IoT Device

By Special Guest
Evgen Ilyenko, Project Head at CLAP, smart home system

Modern IoT devices have proven to be rather vulnerable to hacker attacks. Unlike traditional servers that have advanced defense systems, IoT devices are far less resistant to unauthorized breaches. Statistically speaking, every tenth smart home system in the USA is hacked at least once in its lifespan.  

For the average user, a gadget’s security is not the number one priority compared to its primary functions or appealing design. For developers, creating a reliable security system usually means drastically increasing production costs – in my experience, developing informational and technical security consumes at least 50 percent of the product’s budget.

In fact, most startups on low budgets do not allocate the necessary financing to their product’s security. Nonetheless, although the high costs make guaranteeing security difficult for developers, the greatest responsibility for ensuring the security of IoT lies with them.

Here are five simple steps you can take to make your products safer:

Remind users to change factory passwords. Inform your users that they should never leave default login credentials active, unless they want to make an intruder’s life very easy.

Strangely enough, most users tend not to change their default password settings, considering them secure. This may become a fatal mistake, for many IoT devices are vulnerable to cyber-attacks, among them – DDoS-attacks. Though they are not powerful computers, most IoT appliances are able to generate large amounts of parasitic information and send them to servers – especially when a couple of gadgets are simultaneously connected to one network.

Remind your users via e-mail or push notifications on the gadget’s interface that the current password is not safe. You can even limit the device’s functions until the user takes the necessary actions and changes their password. Another good idea is to set a mandatory password change during the first start-up of the device.

Provide security for access channels. Most users want to have full access to their devices at any time and from anywhere in the world – that is when remote control via apps and web interfaces comes in handy. When a gadget can be directly accessed through the internet, it becomes vulnerable to bots that scan networks and analyze IP-addresses. If such a bot finds any device on the other end, it automatically launches other bots that try to hijack it.

You can give the connection access to an IoT device not directly but through your own server, guaranteeing the security of the transaction. For example, if you develop a smart home solution, avoid installing a server in the customer’s apartment — just transfer information from a hub and all sensors to your server remotely.

Use two-factor authentication.  Single-factor authentication (using just a password) is slowly becoming obsolete, while multi-factor authentication is considered the new industry standard. It shields a user’s account with a second safety layer against unauthorized intrusion. For example, a user may first login with a password, and then enter a special code provided by your company via sms.      

Another good idea is to use a security token. The user can install a special app on their smartphone that generates a new password every few minutes, without which no-one can access the gadget.

Think of biometry. You can drastically decrease the chance of your devices being hijacked with the help of fingerprint, face or voice recognition authorization. Each of these characteristics is unique to a person. However, one potential drawback of this method is that health decline can distort the authorization process – a person’s voice can change because of sickness and age can obscure fingerprints.          

Apart from that, using biometry checks can have great safety advantages. Developers should consider which method is best suitable for their device.

If, for example, a user spends most of his or her time wearing gloves (a doctor or a laboratory worker), then obviously a fingerprint scan can get problematic. When we are talking about smart climate control, voice authorization is not the best idea – people sleeping at night won’t be happy to be disturbed. Optic scanners may also prove useless in dusty or humid premises with a high level of air pollution.       

Do not forget to update your devices remotely. In time, most versions of libraries and operation systems become obsolete, clearing the way for unauthorized breeches – hackers eventually develop ways to break through their security systems. What starts out as the safest gadget in the world can become really vulnerable over time.

Many devices do not have an inbuilt function for remote automatic updates. The only thing a user can do with them in case of attack is to disconnect the device and change it to a safer counterpart - not the best way to build customer loyalty. That is why it is crucial to update your gadgets remotely, which can even be done without disturbing the user.

In Conclusion
Most experts see IoT as a Wild Wild West of technology, where there are no exact rules or user standards. Where might this lead us?

One possible scenario is that users will realize the importance of their safety, and choose regular devices over smart ones. Between comfort and private data safety, people are most likely to choose the latter.

Another outcome could be more Orwellian: IoT’s security may fall into the hands of different governments, which would provide stability and safety by enabling mandatory certification.

Such safety regulations have been discussed and even introduced in Italy, Britain and the US. Such norms can negatively influence IoT development and result in additional production costs.

To prevent such scenarios from happening, IoT developers should make their product’s safety a top priority.

Though it might not be possible to make a product that is 100 percent secure, we absolutely must channel our efforts into tackling this problem, developing an internet of things that is as safe as it can be.

About the author: Evgen Ilyenko, Project Head at CLAP has more than 10 years of experience in project management. CLAP has created a smart home system that looks after comfort, energy and cost efficiency and safety. CLAP can at the same time monitor access to apartment, secure property, oversee temperature level in the house, adjust heating mode, estimates utility costs and pay the bills.

For more on IoT Security solutions, register now for the Industrial IoT Conference and The Smart City Event




Edited by Ken Briodagh
Get stories like this delivered straight to your inbox. [Free eNews Subscription]


SHARE THIS ARTICLE
Related Articles

'Smart Gas Meter Penetration Rate in Europe Reached 45% in 2023'

By: Alex Passett    3/13/2024

According to new data from Berg Insight, he installed base of smart gas meters in Europe amounted to 55.9 million in 2023, equivalent to a penetration…

Read More

Smarter Grid Planning and Operations: Itron Acquires Elpis Squard to Expand Grid Edge Intelligence Portfolio

By: Alex Passett    3/11/2024

To accelerate the energy transition needs for grid planning, operational and engineering teams and processes, Itron officially announced the strategic…

Read More

IoT Evolution Expo Gold Sponsor Libelium is Changing the Electric Grid with Smart DLR Solutions

By: Alex Passett    2/13/2024

IoT Evolution Expo 2024 is taking place from February 13-15 at the Broward County Convention Center in Fort Lauderdale, Florida. Under the grand umbre…

Read More

A New Record for Connectivity: 'World's Longest-Range Wi-Fi HaLow Solution' Demonstrated by Morse Micro

By: Alex Passett    2/6/2024

Morse Micro recently announced the success of what it has called "the world's first live demonstration of Wi-Fi CERTIFIED HaLow technology extending t…

Read More

'The World's First Smart Rainforest': How NTT and ClimateForce Plan to Use Smart Technology for Environmental Restoration

By: Alex Passett    1/30/2024

ClimateForce and Smart Management Platform (SMP) technology company NTT have announced their partnership with the goal of creating the world's first "…

Read More