Security is always top of mind when it comes to IoT devices and applications. The recent Mirai DDoS attack in October 2016 is an important reminder that IoT device manufacturers—and consumers—need to be vigilant with security, both out of the box and at home.
Recently, Andrew Lund, Digi’s Product Marketing Manager for Wireless M2M and IoT, shared his thoughts with IoT Evolution on the Mirai attack and what lessons could be learned to help improve security for IoT devices and applications. Below is an excerpt of five of Andrew’s best practices from IoT Evolution’s piece, which you can read in full here.
Change default passwords: Given the attack vector that Mirai used, it’s clear that passwords are one area where device OEMs can make design decisions to increase security. The days of leaving the default password unchanged are over, so manufacturers must either force users to change passwords or create “default” passwords that are unique to each individual IoT device.
Don’t allow insecure ingress protocols: Mirai malware contains “killer” scripts that remove other worms and Trojans, allowing Mirai to maximize its use of the infected host device. But Mirai also goes one step further and closes processes that are used for remote ingress attempts, like Telnet, SSH, and HTTP.
Secure remote management tools: These provide an efficient, cost-effective method of remotely monitoring, updating and managing connected devices. Users can set performance parameters for healthy devices and create reports and alarms for suspicious activity. Using a remote manager that incorporates PCI-DSS and other relevant security certifications in the cloud, such as HIPAA and NIST, allows users to define a device profile, assign the profile to all devices in a group, and monitor and auto-remediate any variances. The best remote management tools can also restrict incoming traffic to only allow SSL connections, eliminating unencrypted TCP connections.
Firmware updates: Firmware updates must be completed securely (authentication) and automatically, or at a minimum, users must be notified/prompted when a new firmware update is available.
Packet encryption: This consists of basic encryption, such as FIPS-197/AES, to protect messages from unauthorized viewing or malicious changes. This method is easy to implement and use, especially in conjunction with private keys.
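The first practice above (unique per-device defaults plus a forced change) can be sketched as follows. This is an added example, not code from Digi or from the IoT Evolution piece; the function names, the record layout, the PBKDF2 work factor and the 12-character minimum are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

PBKDF2_ROUNDS = 100_000  # assumed work factor; tune to the device's CPU budget
MIN_LENGTH = 12          # assumed minimum length for a user-chosen password


def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def provision_device(serial):
    """Factory step: return (password printed on the label, record flashed to device)."""
    # Random per unit, never derived from the serial or MAC, so knowing one
    # device's password says nothing about any other device.
    password = secrets.token_urlsafe(12)
    salt = secrets.token_bytes(16)
    record = {"serial": serial, "salt": salt,
              "hash": _hash(password, salt), "must_change": True}
    return password, record


def login(record, password):
    """Return 'denied', 'change_required' or 'ok'."""
    candidate = _hash(password, record["salt"])
    if not hmac.compare_digest(candidate, record["hash"]):
        return "denied"
    return "change_required" if record["must_change"] else "ok"


def change_password(record, old, new):
    """Replace the factory password; only after this does login return 'ok'."""
    if login(record, old) == "denied":
        return False
    if new == old or len(new) < MIN_LENGTH:
        return False
    record["salt"] = secrets.token_bytes(16)
    record["hash"] = _hash(new, record["salt"])
    record["must_change"] = False
    return True


if __name__ == "__main__":
    # Constructed serial numbers, for illustration only.
    pw_a, dev_a = provision_device("SN-0001")
    pw_b, dev_b = provision_device("SN-0002")
    print(pw_a != pw_b, login(dev_a, "admin"), login(dev_a, pw_a))
```

The device stores only the salted hash, and the factory password grants nothing beyond the password-change step until the owner replaces it.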
Online gaming and virtual gambling have risen significantly due to increased mobile accessibility, social media, technology advancements and expanded internet connectivity. Big Data and the Internet of Things (IoT) are proving to be even more of a game changer for these industries by collecting large amounts of data, from a variety of gameplay data sources, while rapidly connecting and communicating to thousands of sites.
You may experience this IoT evolution when you are playing Words With Friends® on your smartphone with college classmates across the country, or when you play poker on your computer with complete strangers across the globe. Regardless of your gaming or gambling experience, we all know how critical real-time connection is when we are trying to win. Now translate those wins into $6 billion of revenue, and the stakes of rapid connectivity are significantly heightened, as they are for the world’s largest slot machine manufacturer, International Game Technology (IGT). IGT has more than 400,000 point-of-sale devices in 100 countries; watch the video below to learn why IGT turned to Digi TransPort® LTE wireless routers to keep those bets and wagers flowing:
The following is an excerpt from our recent brief, 5 Reasons You Should Consider Embedded Cellular Technology. If you’ve ever considered embedded cellular technology in the past, this brief will quickly highlight some of the key benefits and how the Digi XBee Cellular family can help reduce the cost and complexity of your embedded cellular technology deployment.
Makers of remotely deployed sensors and devices have settled for the compromises, expense, and provisioning/maintenance complexity of traditional RF connectivity for years. Cellular connectivity addresses many of these drawbacks – but still hasn’t been cost-feasible for smaller deployments of ten or fewer devices. Today, that’s changing—here’s how:
Cost-Effectiveness: You may have considered embedded cellular in the past, but rejected it because of high-cost data plans from carriers. Today, however, with the emergence of LTE Cat 1 (and, soon, Cat M1 and NB1), the economics are becoming far more favorable – sometimes in the range of just US$2/month (1 MB data plan). For deployments up to ten per location – such as low-power wide-area (LPWA) applications – it can be cheaper to embed cellular connectivity in each device instead of aggregating through a single gateway.
Greater Coverage: As carriers continue to build out their networks to the furthest and remotest areas, there are fewer dead zones to limit your deployments.
Verizon Pre-Certification: Digi XBee Cellular is FCC-certified and Verizon end-device-certified, so your device gets to market faster. Digi eliminates the traditional delays, thousands of dollars in costs, and headaches. Coming soon, Digi XBee units will be pre-provisioned as well for even faster deployment.
Digi XBee Cellular enables OEMs to quickly integrate cutting edge 4G cellular technology into their devices without dealing with the painful, time-consuming, and expensive FCC and carrier end-device certifications.
Limited only by designers’ imaginations, the Internet of Things (IoT) is changing how people live. From medical devices and fitness trackers to tank sensors, smart thermostats, intelligent streetlights, water monitors, and more, the IoT is in more places than ever.
However, by relying on wireless networks, those hundreds of millions of IoT devices present a greater “attack surface,” making them tempting frontline targets for competitors, hackers, disgruntled employees, and other bad actors. Unfortunately, the tools and techniques we’ve applied to PC/smartphone platforms often don’t work well in the IoT, for several reasons:
Resource Limitations – Small-footprint IoT devices typically have far less battery power, processing speed and memory. They lack the power and sophistication required to support traditional security measures.
Data Complacency – Many companies view the data in their IoT networks as mundane and having little intrinsic value outside the organization. But many breaches are motivated by other factors, such as competitive advantage, social status, or revenge. The data isn’t the goal – the hack is.
Availability of Tools – The tools and expertise to analyze and modify embedded/IoT devices are widely available – even to hobbyists.
No Physical Access Required – One of the advantages of the IoT is that devices can be remotely configured/upgraded without the need for dispatching a truck. However, thanks to wireless connections, hackers don’t need physical access to devices such as USB or other I/O ports.
Interface Differences – Embedded devices have no GUIs, and error messages can be as basic as a coded series of beeps or flashing lights. This is particularly true for security status and control functions, allowing for security alarms to be overlooked.
Hardwired Ports – These provide unfortunate opportunities for compromise. IoT solutions can’t simply implement a strong password over a TLS connection – the most common approach for PC/Internet applications.
IoT solutions need a different approach, and the effort required to identify and mitigate unique security risks in embedded systems is often underestimated, if not overlooked entirely.
Developing a successful Internet of Things (IoT) application starts with selecting the right technology for your product or project. The two videos below were created to get you in the know and on the right path in less than a few minutes each.
Mesh Networking Vs. Cellular Technology for IoT Applications
How do you choose between mesh networks and new LTE networks such as Cat 1, Cat M1, and NB-IOT?
IoT expert and Digi Chief Innovation Officer, Rob Faludi, explains the advantages and disadvantages of mesh networking and cellular networking, so you can identify the right solution for your application.
Choosing the Right Mesh Networking Technology for Your Application
If you’re still determining if mesh networking technology is the right solution for your application, Faludi digs deeper into the strengths and weaknesses of mesh networking protocols specific to IoT applications.
When working with different IoT applications it is important to know the difference between point-to-multipoint networks and mesh networks, along with the advantages and disadvantages of different types of mesh networks like ZigBee, DigiMesh, and Thread.
Do you have a topic you’d like to see an Internet of Things expert cover? Let us know in the comments below.
With Black Friday and Cyber Monday behind us, the holidays are officially in full swing. To help get you in the holiday spirit, we’ve curated some of our favorite connected creations that take holiday celebration to the next level.
Here are some of our favorite Internet of Things-powered projects to keep you occupied this holiday season.
IoT Seminar Series
The Digi executive team started the month off across the globe for the IoT Seminar Series “Connect with Confidence”. This two-part series focused on solving mission-critical machine-to-machine communication challenges with expert technical advice and Internet-of-Things product offerings. The intimate setup gave attendees the opportunity to meet one-on-one with key presenters and technical staff to openly answer questions, share customer stories, and discuss product strategies for industrial connectivity, IoT devices, and embedded RF and cellular applications.
Part one of this series took place in Tokyo, Japan on November 1
Part two took place in Shanghai, China on November 2
Digi Product Manager went live with Beecham Research Founder & CEO Robin Duke-Woolley for the M2M Zone webinar to discuss details of the cellular IoT roadmap, LTE IoT standards and benefits, and how low-power cellular connectivity is a game changer. Listen to the full webinar below and tune in for the next one on January 12, 2017.
Digi traveled to Germany for Electronica 2016 to feature new products, offer customer promotions, and support partnerships. Highlights include connecting with current and new customers, meeting with media, and working with our dedicated partners. Read more about the show and the IoT highlights here.
The Digi team had a great time at Electronica 2016, a trade show that takes place every other year in Munich.
This year over 73,000 attendees and 2,800 exhibitors helped the event live up to its billing as “the best place to see the entire world of electronics here—on Planet e.”
But what impressed us the most was the number of applications and topics, as the Internet of Things (IoT) is bringing innovations that permeate every industry and product category.
Exhibits covered topics ranging from automotive and industrial process control to consumer wearables and connected health. Embedded computing and integrated sensors along with ubiquitous connectivity are truly transforming every industry.
Here are a few creative ways we saw engineers using embedded computing and connectivity: