A Matter of IoT Security

Published by Barbara Nelson May 23, 2017

Consumers used to take security for granted. They would buy a connected product and trust they were safe - no questions asked. There was no reason to question it.

But with recent breaches in security and a better understanding of the ramifications of an insecure product, mainstream consumers are now concerned about the security of their IoT products.  This directly affects product sales, returns and reviews. In fact, according to Parks Associates, 45% of U.S. broadband households are very concerned that someone will get access to a smart home devices. This number will continue to grow as connected products become ubiquitous in the home.

Why are product companies producing insecure products?

Most product companies take security very seriously, but slip ups have and can happen. Whether it’s due to market demands (new, flashy features), overworked development team (not enough resources), lack of security expertise (traditional manufacturers sometimes don’t have security experts in house), insufficient development time (getting the product shipped as fast as possible) or a combination of some or all of these reasons, security is put on the back burner.

We know that robust security is a must-have requirement for IoT products now. Not only do the customers expect it, but the product company’s bottom line depends on it. A security breach of a connected product can be a disaster: not only does it look terrible for the company, but that company forever loses customer’s trust. Future sales will be impacted negatively and the company will be facing an uphill battle to regain their customer’s trust.  Depending on the extent of the impact, there could be far worse consequences. Earlier this year, German regulators banned an internet-connected doll that they felt was a “spying device” because it inadequately protected the communication between the doll and the cloud.

Product companies should create products that consumers are confident about purchasing.

What can product developers do?

Consumer electronics pose a new set of attack vectors for hackers, and it can be difficult to increase security while ensuring a great out-of-box experience. What can product companies do to outsmart the hackers and protect their customers?

The first step is to put security at the top of the To Do list. Don’t let it get pushed off in favor of a new and improved feature.

Second is to ask yourself these questions:

  • How do I prevent an unauthorized user from taking control of the product?
  • How do I know that my product is connecting to the right network?
  • How do I ensure that the data that the product gathers is safely delivered to the cloud, without being intercepted along the way?
Virus scanners are not commonly available for most connected products, so developers are left to find new solutions. In addition to preventing unauthorized access, products must be hardened to never expose customer Wi-Fi data (even when the Soft AP process is used for onboarding), prevent device and cloud spoofing (both device and cloud must be securely authenticated), and not endanger other devices (which can be difficult if interoperability is a goal).

Cirrent’s solution addresses many of the technical and commercial security needs of consumer electronics. Cirrent’s embedded agent, and partnerships with network operators, give Cirrent a unique ability to identify, prevent, detect, and mitigate threats.

The focus on IoT security is at an all-time high - we see it in the news every day. With the recent large scale attacks on connected products, end customers are paying attention to the issue of security and how it could affect their lives. Investing in security is not a choice but rather a mandate if you want your connected product to be successful and be a product that you are proud to have bear your brand.

New Call-to-action