Security

Countering security flaws in connected objects

The Internet of Things (IoT) is at the heart of current technological innovations. Used by both companies and ...


security flaws connected objects

The Internet of Things (IoT) is at the heart of current technological innovations. Used by both companies and individuals, the number of connected objects in service could reach 20 to 30 billion by 2020, according to forecasts. As 5G is about to be rolled out to vast areas of the world, accelerating this expansion even further, what issues may arise concerning the security of connected objects and your sensitive data? At first glance, these new, playful, practical and useful connected objects seem to only have qualities. Yet behind them, lies a fundamental issue which, if not addressed early enough, can have serious consequences. All the more so since 80% of the connected objects in circulation are vulnerable (according to Gartner). The security of connected objects is often underestimated, but in reality, it is essential!

 

Connected object security: high and poorly known risks

 

Connected objects such as cameras, locks, shutters etc. are now everywhere. But there are also sensors to control room temperatures or light levels according to the presence of occupants. These mainly concern the fields of home automation and energy measurement. On another level, sensors may have other, more sensitive and specific objectives related to industrial processes for example, and are commonplace in the corporate context. But whatever the connected object, if it is not sufficiently protected, it is an open door for hackers.

Today, the number of companies producing connected objects is constantly growing and their fields of use are vast. It's very simple: any everyday object in our private and professional lives can be connected. From the coffee machine to your children's toys, from your photocopier to your production tools, everything is likely to become connected at some point in the future. So they will also be able to transmit their usage data to a server and a platform to be exploited. Which represent that many additional risks and gateways for malicious intent.

This is what happened to 800,000 families in 2017 due to a connected teddy bear. In the instructions for using this seemingly harmless toy, parents were informed that a basic password was recommended. This greatly facilitated the work of the hackers, who were then able to breach the server and access user personal data and conversations. And then demand a ransom from users, a phenomenon called ransomware. Once a flaw has allowed a first object to be breached, it can be replicated on all of the identical products in circulation.

Financial risks, violation of trade secret, personal integrity, the consequences of security breaches are scary. And this goes beyond the "simple" hacking of computers or internal company systems. It is even more serious when hacking a connected object concerns the medical sector or a person's health. This is the case for connected pacemakers, which are particularly vulnerable. Causing death by proxy server is now a possibility.

Considering the notion of security of your connected devices therefore becomes essential for the sustainability of your company. And for the trust of your customers. Please understand that not all connected objects require the same level of security; some are more sensitive, while others have limited impacts.

 

 

Looking for more information about Rtone?

Discover our references

 

Security by design: why should we think about the security of a connected object right from the design phase?

 

The security of a connected object is not solely dependent on the strength of a user-defined password. Security goes far beyond that and is designed/determined well before the object is manufactured. Because this is where the first and most problematic flaw lies, the one that leads to all the others. For example, some modules called secure elementsare physical shields to be integrated into a PCB. If these secure elements are not integrated into the electronics design from the outset, it will no longer be possible to add them at a later time.

The principle of Security by Design aims to integrate security issues right from the design phase. In this way, the shields are integrated into the object's DNA. To achieve this, Rtone identifies risks in collaboration with companies from the outset of an IoT project. And the process steps are codified:

Risk analysis to determine the appropriate security for a connected object

Alongside our customers, Rtone determines the level of risk, depending on the objects to be produced. This makes it possible to know what elements needs to be secured and the resources to deploy to ensure the appropriate level of security. This first step requires intimate knowledge of the customer's environment, products or services. We then ask ourselves the question of how the object will be used. The principle of Security by Design requires precise knowledge of the object's intended use: context of use, environment etc., so as to choose the appropriate software architecture and required level of security.

Implementation and testing to validate the security of a connected object

Rtone then moves on to the implementation phase of the programme, based on elements provided by the customer. Then comes the implementation of security protocols, which are subjected to automated testing.

The other tests consist in detecting vulnerabilities by attacking the software, like a hacker would. This pentest (penetration test) is similar to a safety audit, performed by a person not involved in the design process. If intrusion is impossible, Rtone validates the process a second time.

It is truly essential to integrate the security aspect into your IoT project as far upstream as possible. Because if you choose a communication protocol without security, the project must be restarted from scratch.

Cyber threats are a daily occurrence. With connected objects, risks multiply, especially due to poor knowledge of certain dangers. The object is not only connected to a wireless or 4G network, but also to a server. Securing this connection and transmitting only the information essential for normal operation, must be thought out beforehand. Being aware of IoT's flaws and vulnerabilities is essential in order to avoid risks that can have serious consequences on your business, your company and your private life. All risks must be considered in the design of a connected object, right from the project phase. The principle of Security by Design is therefore your best defence against attacks.

At Rtone, we support your projects, from design right through to market launch, and we help ensure your connected objects are as secure as possible. Contact us to discuss it!

 

 

You want to go deeper with your IoT project? Discover how to build a successful connected solution with our free guide. 

Download your free guide

 

Articles similaires