The Internet of Things (IoT) and the Smart Home have reached the general public, at the latest with Amazon Alexa. Many households own more than one smart home device, and at least one million devices are expected in 2021. No wonder: smart home devices help us save energy (smart lamps, sockets and thermostats), secure our home (smart door locks, alarm systems, IP cameras) and improve our quality of life in general.
Assistants such as Amazon Alexa do not just retrieve information on voice command; they can also control smart home devices. Services such as IFTTT (If This Then That) let a device act when a predefined event occurs on another device, for example: if the smart lock is unlocked after 6 p.m., turn on the light in the corridor. In short, the Internet of Things and the Smart Home can be efficient and offer many functions.
However, this variety of functions can also be abused. Successful attacks can be expensive for the victims (an attacker turns the thermostat up remotely while the residents are on vacation), dangerous (a smart sauna heater overheats), unpleasant (the owner is spied on through their own IP camera), or all of these at once: a door secured with a smart lock is opened for a burglary without leaving any traces. The burglar can steal a lot (expensive), come across private information (unpleasant) and attack any witnesses (dangerous).
Security should therefore be a top priority. The reality is known to be different, because functions and features sell better than security. Especially when a technology is relatively new, vendors try to bring a product to market as quickly as possible, and IT security measures are not yet adequately implemented when the product is released.
Still, the level of security has increased compared to previous years, even if it is not always sufficient. This is partly because standards and platforms such as ZigBee, Apple HomeKit or Google Nest have become established, and partly because of a noticeable shift to the cloud. The latter tends to help secure implementation but harms privacy. The increased computing capacity of the processors, which supports (stronger) encryption, is also a positive development.
However, many devices are still far from secure. Users can often deactivate insecure functions (access from the Internet, etc.), but since it is no longer only technically experienced users who buy IoT devices, this is not enough. A device must be secure out of the box and remain secure. The following measures help:
- Automatic and secure firmware updates
- Randomly generated passwords instead of default passwords
- Secure default settings
- Use of encryption
- Data minimisation (data protection)
- Use of proven algorithms
Automatic And Secure Firmware Updates
Mirai has been attacking hundreds of thousands of IoT devices such as IP cameras and adding them to existing botnets. The weaknesses it exploits are known and could be closed, but for many of these devices no firmware update is planned, which is why Mirai will most likely still be around in the next few years.
IoT devices should therefore implement a firmware update mechanism. If a device has Internet access, it should update automatically by default. Besides being automatic, it is essential that updates are integrity-protected and installed correctly: if an attacker can manipulate the firmware before installation, the update mechanism itself becomes a new attack vector.
There are several approaches to fast and secure firmware updates for IoT devices:
- Schnorr updates
- Physical unclonable function (PUFs)
- Schneider-IoT update mechanism
- Mongoose OS
Each of these approaches has advantages and disadvantages, so developers should compare them to find the right solution for their application environment.
Randomly Generated Passwords Instead Of Default Passwords
Many IoT devices ship with default logins such as admin:admin or root:1234. If such a device is reachable from the Internet and the user does not change the password, an attacker has an easy time: devices with common default passwords are quickly listed on the Internet and are easy for anyone to find with search engines such as Shodan.
Hard-coded service passwords are not advisable either, as they can be recovered by reverse engineering and then published. It is better to do what routers have done for years: generate a random password for each device and attach it to the device, for example on a sticker. If users forget the password, they can restore the original state by resetting the device.
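Per-device password generation as described above, as an added example (not code from the original article): the password is drawn from the operating system's CSPRNG without modulo bias, uses an alphabet without look-alike characters so it can be read off a sticker, and a factory-side check refuses the two default credential pairs named in the text. The 16-symbol length and the deny list are assumptions for the demo.

```go
package main

import (
	"crypto/rand"
	"fmt"
	"math"
	"math/big"
	"strings"
)

// Alphabet leaves out 0/O/o and 1/l/I/i so the password can be read off a
// sticker without ambiguity; 55 symbols remain.
const Alphabet = "23456789abcdefghjkmnpqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ"

// GeneratePassword draws n symbols from the OS CSPRNG. rand.Int performs
// rejection sampling, so unlike `randomByte % len(Alphabet)` it does not
// favour the first few symbols of the alphabet (modulo bias).
func GeneratePassword(n int) (string, error) {
	var sb strings.Builder
	upper := big.NewInt(int64(len(Alphabet)))
	for i := 0; i < n; i++ {
		idx, err := rand.Int(rand.Reader, upper)
		if err != nil {
			return "", err
		}
		sb.WriteByte(Alphabet[idx.Int64()])
	}
	return sb.String(), nil
}

// EntropyBits is the size of the search space an attacker faces for n symbols.
func EntropyBits(n int) float64 {
	return float64(n) * math.Log2(float64(len(Alphabet)))
}

// knownDefaults holds credential pairs that botnets try first. The two
// entries are the ones named in the text; a real deny list is much longer.
var knownDefaults = map[string]bool{
	"admin:admin": true,
	"root:1234":   true,
}

// IsKnownDefault is the factory-side check that refuses to provision a
// device whose credentials appear on the deny list.
func IsKnownDefault(user, pass string) bool {
	return knownDefaults[user+":"+pass]
}

func main() {
	pw, err := GeneratePassword(16)
	if err != nil {
		panic(err)
	}
	fmt.Printf("sticker password: %s (%.1f bits)\n", pw, EntropyBits(16))
	fmt.Println("admin:admin is a known default:", IsKnownDefault("admin", "admin"))
}
```

Sixteen symbols from this alphabet give roughly 92 bits, far beyond what an online guessing attack can cover; what the sticker approach does not solve is a device that leaks the password over an unencrypted channel, which is the next point.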
Secure Default Settings
Devices should be shipped with settings that err on the side of being too restrictive rather than too open. A thermostat or an IP camera does not need to be accessible from the Internet by default. If this is desired anyway, the user should enable it manually (opt-in instead of opt-out).
Use Of Encryption
Communication between devices and servers should be encrypted. This is especially true when devices communicate by radio outside the encrypted WLAN, where an attacker can easily intercept, read or even modify data packets. A secure algorithm should be used that also detects modification of the packets (authenticated encryption), not one that merely hides their content.
Data Minimisation (Data Protection)
Products should only send and store the data they really need. This saves resources, but above all it limits what an attacker can learn about the victim. If a lot of personal data is sent and stored, end-to-end encryption should be considered.
Use Proven Algorithms
When it comes to IT security, older, proven technologies are usually better than in-house developments, because established standards have been examined by many people and found to be secure. Of course, this does not mean they are free of errors (see Meltdown/Spectre). An in-house development, on the other hand, can contain many errors that nobody outside the company has ever looked for.
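Both points, encryption that detects modification (from the encryption section) and proven algorithms instead of in-house ones (this section), in one added example that is not code from the original article: a constructed thermostat command is protected once with a home-made XOR scheme and once with AES-256-GCM from the Go standard library, and an attacker flips one bit of each ciphertext in transit. The command string, the device ID used as associated data and the random key are assumptions for the demo.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// xorCipher stands in for an in-house scheme: the keystream repeats and,
// worse, nothing authenticates the ciphertext, so any bit an attacker flips
// in transit flips the same bit in the decrypted command.
func xorCipher(key, data []byte) []byte {
	out := make([]byte, len(data))
	for i := range data {
		out[i] = data[i] ^ key[i%len(key)]
	}
	return out
}

// Seal encrypts and authenticates plaintext with AES-256-GCM. aad is header
// data sent in the clear (here a device ID) that is nevertheless covered by
// the authentication tag. A fresh random nonce is prepended to the output;
// a nonce must never repeat under the same key.
func Seal(key, plaintext, aad []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, plaintext, aad), nil
}

// Open reverses Seal and fails on any change to nonce, ciphertext, tag or aad.
func Open(key, msg, aad []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(msg) < aead.NonceSize() {
		return nil, errors.New("message too short")
	}
	return aead.Open(nil, msg[:aead.NonceSize()], msg[aead.NonceSize():], aad)
}

// Demo sends a constructed command under both schemes and lets an attacker
// flip one bit of each ciphertext. It returns what the receiver ends up with.
func Demo() (xorDecrypted string, gcmRoundTrip bool, gcmTamperErr error, err error) {
	key := make([]byte, 32)
	if _, err = rand.Read(key); err != nil {
		return
	}
	cmd := []byte("setpoint=21") // constructed command, not a real device protocol
	aad := []byte("thermostat-42")

	// In-house scheme: flipping bit 0x08 of the last byte turns '1' into '9'.
	x := xorCipher(key, cmd)
	x[len(x)-1] ^= 0x08
	xorDecrypted = string(xorCipher(key, x)) // "setpoint=29", accepted silently

	// AES-GCM: the same manipulation of the last ciphertext byte is detected.
	sealed, err := Seal(key, cmd, aad)
	if err != nil {
		return
	}
	pt, err := Open(key, sealed, aad)
	if err != nil {
		return
	}
	gcmRoundTrip = bytes.Equal(pt, cmd)
	sealed[len(sealed)-17] ^= 0x08 // last ciphertext byte, just before the 16-byte tag
	_, gcmTamperErr = Open(key, sealed, aad)
	return
}

func main() {
	xorDec, rt, tamperErr, err := Demo()
	if err != nil {
		panic(err)
	}
	fmt.Println("in-house XOR, receiver sees:", xorDec)
	fmt.Println("AES-GCM round trip ok:", rt)
	fmt.Println("AES-GCM tampered packet:", tamperErr)
}
```

The XOR receiver happily executes "setpoint=29" because nothing in the scheme can tell a modified packet from a genuine one; the AEAD receiver gets an authentication error and drops the packet before any command is executed. Binding the device ID as associated data additionally stops a valid packet from being replayed against a different device.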
Implementing these points does not guarantee that the product is secure, but it reduces the attack surface enormously. If the product is to be even more secure, a secure development process and product testing are recommended. For example, the softScheck Security Testing Process is based on ISO 27034.
It contains six methods for identifying security vulnerabilities: Security Requirements Analysis, Threat Modeling, Conformance Testing, Static Source Code Analysis, Penetration Testing and Dynamic Analysis (Fuzzing). Each of these methods finds different classes of vulnerabilities. They have already been used to identify security gaps in smart meter gateways and the TP-Link HS110 smart socket.
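Fuzzing, the last of the six methods, as an added example that is not code from the original article or from the testing process it names: a constructed command-packet parser that trusts a length field, its hardened version, and a small mutation fuzzer that starts from one valid packet and finds the missing bounds check in the first parser but not in the second. The packet format, the seed packet and the mutation strategy are assumptions for the demo.

```go
package main

import (
	"errors"
	"fmt"
	"math/rand"
)

// Packet is a constructed command format for this example:
// [type][payload length][payload...]. It is not a real device protocol.
type Packet struct {
	Type    byte
	Payload []byte
}

var ErrMalformed = errors.New("malformed packet")

// ParseVulnerable trusts the length byte. In Go a bad length makes the slice
// expression panic; in C firmware the same pattern reads past the buffer.
func ParseVulnerable(buf []byte) (Packet, error) {
	n := int(buf[1])
	return Packet{Type: buf[0], Payload: buf[2 : 2+n]}, nil
}

// ParseFixed checks every offset against the number of bytes actually received.
func ParseFixed(buf []byte) (Packet, error) {
	if len(buf) < 2 {
		return Packet{}, ErrMalformed
	}
	n := int(buf[1])
	if 2+n > len(buf) {
		return Packet{}, ErrMalformed
	}
	return Packet{Type: buf[0], Payload: buf[2 : 2+n]}, nil
}

// crashes runs the parser on one input and reports whether it panicked.
func crashes(parse func([]byte) (Packet, error), in []byte) (crashed bool) {
	defer func() {
		if recover() != nil {
			crashed = true
		}
	}()
	parse(in)
	return false
}

// Fuzz mutates a valid seed packet (overwrite, truncate, append) and returns
// the first input that crashes the parser, or nil if none was found. A fixed
// RNG seed makes the run reproducible, which matters when triaging a crash.
func Fuzz(parse func([]byte) (Packet, error), seed []byte, iterations int, rngSeed int64) []byte {
	rng := rand.New(rand.NewSource(rngSeed))
	for i := 0; i < iterations; i++ {
		in := append([]byte(nil), seed...)
		for m := 1 + rng.Intn(3); m > 0; m-- {
			switch rng.Intn(3) {
			case 0: // overwrite one byte
				if len(in) > 0 {
					in[rng.Intn(len(in))] = byte(rng.Intn(256))
				}
			case 1: // truncate
				in = in[:rng.Intn(len(in)+1)]
			case 2: // append a byte
				in = append(in, byte(rng.Intn(256)))
			}
		}
		if crashes(parse, in) {
			return in
		}
	}
	return nil
}

// SeedPacket is a valid input: type 1 with a four-byte payload.
var SeedPacket = []byte{0x01, 0x04, 'a', 'b', 'c', 'd'}

func main() {
	if crash := Fuzz(ParseVulnerable, SeedPacket, 1000, 1); crash != nil {
		fmt.Printf("ParseVulnerable crashed on input % x\n", crash)
	}
	if Fuzz(ParseFixed, SeedPacket, 1000, 1) == nil {
		fmt.Println("ParseFixed survived 1000 mutated inputs")
	}
}
```

A crash here is a panic that the harness catches; on a real device the same input would corrupt memory or reboot the firmware, which is exactly the class of bug static analysis and penetration testing tend to miss and fuzzing finds within seconds.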