By Mitchell Muro
On an ordinary Friday morning in February 2021, the city of Oldsmar, Florida, woke up to discover that their water system had been hacked. An intruder had broken in and attempted to poison city residents by boosting the quantity of sodium hydroxide (lye) in the water to toxic levels.
Fortunately, city employees noticed the intrusion immediately and stopped the hacker. And after the fact, they were quick to reassure residents that this proved their current safety measures were effective. But were they?
If you’re a manufacturer of IoT-connected devices, this scenario is probably your worst nightmare. Even though nothing ultimately happened, and failsafes were in place, it’s still a frightening proof of concept of one chillingly simple idea:
As a manufacturer, you can’t assume your device is safe or unlikely to be attacked.
Hackers go where the juiciest prizes can be found; as IoT use cases expand, this entire area becomes a more and more attractive target.
When you’re building IoT devices, you must be aware of this expanding threat landscape. Now, more than ever, you must secure your devices out of the box to protect your customers from cyber attacks.
Today, there are simple tools that can help you do that and companies you can partner with to make your job—designing secure IoT devices—much easier.
This post will explore why IoT devices increase risk so drastically. Then we’ll look at a few ways that you can introduce multi-layered countermeasures when developing an IoT product. Finally, we’ll explore the number one most effective way to secure your devices: firmware security.
IoT Hacking: The Expanding Threat Landscape
What types of products are most vulnerable to IoT hacking? The answer is alarming: All of them.
Hackers are on the prowl for:
- Automotive devices: Awareness around just how vulnerable connected vehicles are has grown, since a team of security specialists managed to exploit a Jeep SUV and drive it off the road. According to a McKinsey report, “Today’s cars have up to 150 ECUs [electronic control units] and about 100 million lines of code; by 2030, many observers expect them to have roughly 300 million lines of software code,” making them more complex than a passenger aircraft.
- Medical devices: The St. Jude’s Medical implantable cardiac device was released with a vulnerability that could let hackers threaten patients’ lives. While it seems unlikely that hackers would have literally stopped patients’ hearts, this would have made an easy target for significant ransom demands.
- Critical infrastructure: This type of attack includes DDoS attacks that have taken down heating and cooling systems. With IoT now controlling everything from garage doors to building security to lighting and projection systems, the potential for mayhem should hackers gain access is nearly infinite. Plus, IoT devices serve as a back door into the company’s network, giving hackers root access and letting them alter source code and move freely throughout the network, threatening sensitive servers and data.
Some of the more common types of IoT hacking are becoming so common that when camera systems are hacked or vulnerabilities discovered, it barely makes the news anymore.
Multi-Faceted Attack Fronts
What makes these devices particularly vulnerable?
- Lack of unified standards and regulation for IoT devices
- Insecure and “always-on” network access
- Third-party components may contain vulnerabilities
- Difficult to implement software-based security (We’ll return to this point later.)
On top of these issues, a majority of IoT devices are shipped with weak passwords, and network managers rarely—if ever—alter the default password, let alone change the password regularly, as security experts and government authorities advise.
Today, the threat goes far beyond tech devices like routers, medical devices, and industrial controllers. Any device, even something as trivial as a fish tank could be a source for data leakage: baby monitors, watches, webcams, smart TVs, vacuum cleaners, printers, and even toys.
Attacks may fall into one or more of a few categories:
- Sabotage: As with heating and cooling systems, as more and more production lines are brought online with IoT, there is greater potential for hackers to bring these systems to their knees, either to cripple the company or to demand a ransom.
- Data leakage: Data communicated to and from the IoT device, from credit card information to real-time health updates, from video images to production line control commands, can be intercepted and used for ransom or to access other systems.
- Infiltration: Attackers can use the IoT device to gain access to an internal network, and from there, access devices—which are usually not secured with zero trust or another modern trustless framework—in order to execute commands.
It’s important to note a further risk: These types of vulnerabilities can also mean the product won’t be in compliance with data and consumer protection regulations in various jurisdictions, leading to hefty fines for the organization. Beyond existing regulations, in 2021, the UN has introduced new regulations making greater cyber-risk management mandatory within the automotive sector.
No matter what industry you’re in, no matter how innocuous your product, you need to secure your IoT device to make sure it can’t be weaponized against your customers, destroying your company’s reputation.
Almost all of these attack types are preventable with adequate planning for security by the IoT manufacturer.
Ensuring the best risk posture for your IoT device begins by assessing all potential avenues for risk, then hardening your device and managing policies.
A few overall best practices:
- Create user-updatable authentication, such as username and password, as a basic line of defense.
- Consider adding passwordless/biometric security for tighter security control.
- Store and communicate data only on an as-needed basis to serve legitimate business purposes or user needs.
- Encrypt all data communication. This step may seem basic, but over 90% of IoT data communication is unencrypted.
- Implement a tool like Quantum IoT Protect Firmware to build in on-device runtime protection so you can easily develop connected IoT devices with built-in firmware security that defends against the most sophisticated cyber-attacks.
Perhaps most importantly, however, is the mindset of ongoing updates. Since no product is ever bulletproof right out of the box, and new vulnerabilities are emerging every single day, this is essential for sustainable, safe IoT. What this boils down to is one simple rule of thumb:
Never roll out any device, for any purpose, for which users can’t update the software, passwords, and firmware.
If security isn’t your area of expertise, or if you feel out of your depth dealing with the myriad risks created by IoT, it’s easy to find an experienced technology partner that can easily provide this missing piece.
Firmware Security: The Most Effective Countermeasure
Of all the best practices mentioned, one stands out as your best line of defense, and the single best investment you can make into any IoT device you develop: firmware updates.
Firmware updates are simply a better approach to IoT security for a few reasons.
When it comes to mainstream endpoints like servers, workstations, laptops, tablets, and other Android and iOS devices, you probably rely on software-based security. However, software-based security is difficult to implement on many IoT devices, since there is such a lack of standardization in their interfaces and communications.
Because of the hodge-podge of different vendors creating IoT products, the communication protocols used for IoT environments are often proprietary: created for a specific device in a specific industry by a specific vendor. Just communicating with your devices is like reading hieroglyphics—let alone managing them, implementing uniform security policies, and applying patches and upgrades as needed.
That’s the main reason IoT devices are frequently misconfigured, unpatched, and not secure.
Obviously, as a vendor hoping to stand out from the crowd and build trust with a product that meets stringent security standards, you need to give your customers a more secure experience. Quantum IoT Protect Firmware lets you do that, providing on-device runtime protection, even against zero-day cyber-attacks.
Whether you’re making IP cameras or smart elevators, medical devices, networking equipment or industrial controllers, firmware security gives your IoT product the tightest protection and strongest line of defense.
Quantum IoT Protect Firmware takes the same three-stage approach mentioned above under best practices:
- Assess: Determine what risks could possibly endanger your product’s security.
- Harden: Control flow integrity (CFI) protection blocks attacks in real time, including zero-day attacks, without affecting user experience.
- Control: Take charge of the product through an open API to control communications and set security practices.
Giving your customers devices that are secure out of the box makes great business sense, and it doesn’t have to be difficult.
With Check Point as your partner in creating secure IoT devices, you’ll build consumer confidence and keep your company out of the headlines. Plus, you’ll avoid fines for non-compliance.