IoT Device Security – What You Need To Know

The expanding market for connected devices and the Internet of Things (IoT) has propelled demand for products that alleviate the stress of managing daily interactions; from buying groceries to protecting our homes, there is an app or device for that. To meet this demand, manufacturers are developing products at rapid speed while trying to keep prices low to promote user adoption. This has left many in the security sector asking: have we taken the necessary steps to ensure these products properly secure user data?

Internet of “Bad” Things?

The IoT industry expansion has been innovative, immersive, and impressive. The direct-to-consumer IoT device market has also seen incredible growth; however, with increased access and cheaper solutions, device security is not always prioritized.
IoT products aren’t limited to just one consumer audience; in fact, you can find products directed towards any demographic. Not only are the devices sold as a singular solution, but they can also be incorporated into existing technology. They are often fairly inexpensive, and this is what makes unsecured IoT devices a goldmine to hackers, who are now able to infiltrate and disrupt any consumer industry. From children’s toys to home assistants to connected cars, IoT devices have begun to incorporate themselves into our everyday lives.
Protecting consumer data isn’t difficult, but it is a step that many overlook in a quest for convenience or in the excitement of adopting new technology.
IoT-specific security standards haven’t been ratified, which means that in most cases it is up to the consumer to ensure that they are taking every precaution in securing their devices.

Here is your basic IoT Device Securing Checklist:

  1. Identify which of your devices have communication abilities, and ensure that the hardware/software/firmware is up to date on both the IoT device and whatever device you are establishing a connection with.
  2. Upon your first use of the IoT device, update your user credentials. Do not just keep the credentials on the factory/default setting.
  3. Disable any Universal Plug and Play (UPnP) option, and disable any automatic connections to the device.
  4. Check to see if there is a competing product that has gone through the security certification process. A FIPS 140-2 certification shows that the product has undergone extensive testing and that the crypto functionality of the solution is up to NIST/government standard.
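
For steps 1 and 3 of the checklist, one way to see which devices on your own network still announce themselves over UPnP is to send a single SSDP search and group the replies by sender. This is an added example, not code from the original article or from Corsec; the function names and the sample replies (constructed, with made-up product strings) are assumptions of the example.

```python
import socket

M_SEARCH = ("M-SEARCH * HTTP/1.1\r\nHOST: 239.255.255.250:1900\r\n"
            'MAN: "ssdp:discover"\r\nMX: 2\r\nST: ssdp:all\r\n\r\n').encode()
# Service types that indicate a device accepts UPnP port-mapping requests.
GATEWAY_TYPES = ("InternetGatewayDevice", "WANIPConnection", "WANPPPConnection")

def discover(timeout=3.0):
    """Send one SSDP search on the local network; return (ip, raw reply) pairs."""
    replies = []
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(M_SEARCH, ("239.255.255.250", 1900))
        try:
            while True:
                data, addr = s.recvfrom(4096)
                replies.append((addr[0], data.decode("utf-8", "replace")))
        except socket.timeout:
            pass  # no more replies within the timeout
    return replies

def parse_headers(raw):
    """Return SSDP headers as a dict with upper-cased names (names are case-insensitive)."""
    headers = {}
    for line in raw.split("\r\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().upper()] = value.strip()
    return headers

def inventory(replies):
    """Group replies by sender IP and flag devices that expose UPnP port mapping."""
    devices = {}
    for ip, raw in replies:
        h = parse_headers(raw)
        dev = devices.setdefault(ip, {"server": h.get("SERVER", "unknown"),
                                      "services": set(), "port_mapping": False})
        st = h.get("ST") or h.get("NT") or ""
        dev["services"].add(st)
        if any(t in st for t in GATEWAY_TYPES):
            dev["port_mapping"] = True
    return devices

# Constructed sample replies for offline use; not captured from real devices.
SAMPLE = [
    ("192.168.1.1", "HTTP/1.1 200 OK\r\nServer: ExampleOS/1.0 UPnP/1.1 ExampleRouter/1.0\r\n"
     "ST: urn:schemas-upnp-org:device:InternetGatewayDevice:1\r\n\r\n"),
    ("192.168.1.23", "HTTP/1.1 200 OK\r\nSERVER: ExampleOS/2.0 UPnP/1.0 ExampleCam/1.0\r\n"
     "ST: urn:schemas-upnp-org:device:MediaServer:1\r\n\r\n"),
]
```

Running `inventory(discover())` on your home network lists every device that still answers UPnP discovery; after step 3 is done for a device, it should no longer appear.
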
If you are unsure whether your IoT solution could benefit from obtaining a security certification such as FIPS 140-2, Common Criteria, or DoDIN APL, contact Corsec to discuss your options.
