IoT Devices and a More Secure Future
Internet-of-Things are slowly but surely making its presence felt both in the enterprise and everyday personal computing. It is a fresh area for innovation, as the smartphone market and the PC market are already both saturated. Those that needs a PC already have one, and those that requires a smartphone already bought themselves a smartphone. Not all household or companies have an IoT device, hence the growth in this area is still has huge potential.
Sprint in their goal to corner a portion of the growing IoT market has announced their innovation to improve the security of IoT platform. Sprint’s technology allow companies to establish a central connectivity hub which connects to IoT devices over the air to manage them. Using a customized SIM technology, Sprint wants to generate a more efficient IoT computing networking environment for the users.
“On top of our dedicated IoT core and operating system built together with Ericsson, our close collaboration with fellow SoftBank company, Packet enables an advanced distributed core network using bare metal servers at the edge that may be activated in minutes. Arm changes the way devices are managed over the air and data is analyzed while delivering unparalleled security from the chip to the cloud. Overall, Curiosity IoT reflects our unique approach in creating the absolute best operating and management environment for IoT – from system managers enhancing their increasingly IoT-centric operations to the most demanding applications in the immediate economy.” explained Ivo Rook, Sprint’s SVP for IoT.
There is a push in the IoT market to standardize, the current stance of the market of having their proprietary hardware paired with proprietary operating system. Arm with their many partners are starting to act on this problem: “IoT provides a tremendous opportunity for organizations to obtain actionable insights from their devices and data, but require strong company integrations to manage the vast industry fragmentation and security challenges. We are working with Sprint from device-to-data and bringing the IoT security and business-critical services that are vital for unlocking value from IoT.”
One of the current ways to secure IoT devices is to never join the IoT device with the rest of the WLAN. Due to the simplicity of IoT, they are always a target of cyber criminals. Use an isolated separate router or create a virtual LAN in the network switch for the IoT devices. This enables a good layer of security separating the IoT devices to the PC, smartphone, and tablet.
Users also don’t regret in discarding an IoT device in the event of an unpatchable bug/vulnerability. If a device model is abandoned by its manufacturer, discard it and use a supported model. The use of a non-supported model is like using a Windows XP PC today, the OS is no longer patched, hence risky to use online.
Below are the tips from Symantec on how to secure IoT devices today:
- Research the capabilities and security features of an IoT device before purchase.
- Perform an audit of IoT devices used on your network.
- Change the default credentials on devices. Use strong and unique passwords for device accounts and Wi-Fi networks.
- Use a strong encryption method when setting up Wi-Fi network access (WPA).
- Disable features and services that are not required.
- Disable Telnet login and use SSH where possible.
- Disable Universal Plug and Play (UPnP) on routers unless absolutely necessary.
- Modify the default privacy and security settings of IoT devices according to your requirements and security policy.
- Disable or protect remote access to IoT devices when not needed.
- Use wired connections instead of wireless, where possible.
- Regularly check the manufacturer’s website for firmware updates.
- Ensure that a hardware outage does not result in an unsecure state of the device.
Julia Sowells960 Posts
Julia Sowells has been a technology and security professional. For a decade of experience in technology, she has worked on dozens of large-scale enterprise security projects, and even writing technical articles and has worked as a technical editor for Rural Press Magazine. She now lives and works in New York, where she maintains her own consulting firm with her role as security consultant while continuing to write for Hacker Combat in her limited spare time.