IoT Security

With the abundant growth of the Internet of Things in recent years, there are now a greater number of homes with at least a few connected smart devices around the house. From wireless lighting to Smart Home locks and even connected crock pots, we expect to see these numbers continue to grow at an incredible pace.

As companies race to iterate and produce more connected devices for the home, concern has risen recently over the security of these IoT devices and what can be done to ensure they are protected and inaccessible to potential viruses, hacks, or other malignant attacks. Because this time, the hacker’s reach is not limited to your desktop and servers, but is your entire home, and that’s scary.

We’ve put together a few resources on what you, the user, can do to mitigate risk to your home and have also included some information on what companies and developers can do in order to address these concerns in their upcoming products.

What can a user do to increase the security of their devices at home?

To help consumers of smart devices, the non-profit OTA (Online Trust Alliance) put together a checklist for smart device purchase and setup in order to maximize the security and privacy of connected devices in your home. For example, they recommend that you:

  • Use a unique username and password which does not identify your family or the brand/model of the device and change them frequently.
  • Turn off and unplug your device(s) if you are gone for extended periods of time to reduce the risk of your device being hacked, being susceptible to power surges and save on energy use.
  • Disable or protect remote access to your connected device(s) when not needed to reduce the risk of hacking.
  • Document all of the smart devices and applications you use. List the company URL, passwords, contact email and phone numbers. Password protect the document or use a password “vault” mobile application.

Here are some other helpful resources for consumers:

OTA Smart Home Checklist

OTA Smart Home Resources

What can IoT developers do to make sure their smart devices and software can handle these new security challenges?

As a mobile-first development firm working extensively in this space recently, we realize we as developers play a big role in making sure we do everything we can to secure our interactions with IoT devices. But even before us, security starts first with the hardware and firmware developers of the devices themselves.

Wind River, an embedded technology company who have developed a cloud-connected operating system for IoT devices, put together this helpful document for developers and manufacturers in the IoT industry with a list of things to be aware of if they want to build better security into their hardware and firmware. They recommend that security needs to be addressed throughout a new device’s lifecycle. Some examples of this are:

  • On boot-up, ensure the integrity and authenticity of the software on the device by using cryptographically generated digital signatures.
  • Upon getting a network connection, the device should authenticate itself prior to receiving or transmitting data.
  • Implement an update and patching process that conserves bandwidth and eliminates any possibility of compromising functional safety of the device.

Also see:

IoT Security & Privacy: Reducing Vulnerabilities

And for the mobile app developers like ourselves out there building new platforms for interacting with this rapidly expanding space, we recommend making sure to practice secure coding standards wherever possible.

Here’s Apple’s secure coding guidelines for Mac and iOS

And here’s some of Google’s security tips for Android

Conclusion

The IoT space has been an absolute blast to do work in, but we all need to consider the security challenges we face when more and more devices around us are connected.

Jackrabbit Mobile is a mobile-first design and development firm that specializes in IoT applications and building the best mobile technology for present-day customers.