If you don’t know it yet – this should serve as a warning: Internet of Things (IoT) devices are insecure (period!). The Urgent11 security flaws, in addition to data hacks from Alexa and Google Home, Orvibo Smartmate, Amcrest IP camera, are just the tip of the iceberg (as they call it)..
The sheer amounts of data generated from the 44 billion IoT devices by 2023 will make every zettabyte of data vulnerable to attack – making the security of IoT today even more compelling.
Integrating security into IoT projects is not an easy feat but is an increasingly urgent necessity. With an installed base of 44 billion connected devices projected for 2023, the amount of data and information generated and shared will reach zettabytes of data, according to global tech market advisory firm, ABI Research.
CHECKOUT: Insecure by design
“Much of that data will be sensitive, whether about an individual’s privacy or confidential business information. As such, it presents a lucrative opportunity for threat actors, as data has become a highly commoditized asset in modern societies. Add to that the potential of harnessing unprotected IoT devices for botnets, denial-of-service attacks, or even holding them hostage to ransomware, the imperative for security cannot be ignored,” emphasized Michela Menting, digital security research director at ABI Research.
Several platforms and tools have emerged in the market recently, which can facilitate security implementation, even in the most basic IoT devices. Chipmakers like STMicroelectronics, NXP, Renesas, Microchip, Cypress, Nuvoton, MediaTek, RedPine, and Maxim Integrated, are offering secure microcontrollers that can service general-purpose IoT applications from smart home appliances to industrial control systems.
These can enable a host of secure functionalities, including security co-processors and cryptographic accelerators, secure storage for keys and certificates, secure execution environments, and root of trust functionalities.
“But beyond that, these secure microcontrollers come pre-packaged with supporting software development tools that can enable developers to leverage these hardware features and deploy secure services, such as key provisioning and onboarding to a cloud platform, as well as lifecycle management (e.g., secure over-the-air software updates),” Menting added.
In a bid to facilitate secure IoT deployments, semiconductor vendors offer a wide breadth of software development platforms, from their own proprietary solutions but also focusing on interoperability and compatibility with third-party software and connectivity tools.
The aim is to facilitate the use of secure hardware by providing secure software development and service connectivity tools that can easily allow developers to onboard and securely manage their devices.
“Developing and managing secure IoT deployments is no longer the remit of security professionals but is a capability that is quickly becoming available to developers of all levels. Enterprises looking to deploy IoT can now more easily engage in securing them, in a more cost-effective manner that can enable faster time-to-market. End-to-end IoT security is within reach for enterprises large and small,” concluded Menting.
