How to Protect your IoT Devices from Hackers
Staff Writer

The Internet of Things (IoT) consists of everyday devices that connect to each other via the internet or other wireless networks. IoT devices are used in industrial applications and manufacturing, as well as in all types of vehicles and in the home. Despite the widespread deployment of IoT devices, however, little attention has been paid so far to the need to secure these devices from unwanted access or manipulation. As a result, there may already be billions of deployed IoT devices with inadequate security measures.

To help you protect your IoT devices from hackers, we're offering a selection of tips and advice on IoT security in this week's blog post. We'll elaborate on the importance of IoT security, then offer some basic and actionable advice that can help you secure your device against unwanted physical or cyber attacks.

Importance of IoT Security

While global quantities of IoT devices can now be counted in the tens of billions, security remains one of the most important concerns that will impact market success for product developers. As IoT devices see increased adoption in industrial, commercial and residential applications, issues with IoT security can lead to all sorts of negative consequences.

An example that's garnered much attention recently is CAN bus hacking in vehicles. Modern vehicles are heavily computerized, with each vehicle containing several different embedded systems across multiple networks. There is typically one network for engine and powertrain messages and a separate network for other types of data transmissions like radio and door locks. Each device on the vehicle network represents a potential attack vector for malicious actors. 

A hacker who gains access to the vehicle can connect a laptop to the vehicle's CAN bus controller to gain control of its computer systems. There have also been reports of hackers intercepting radio signals from keyless entry systems and cloning the signals to gain remote access to the CAN bus. Without adequate security protocols in place, a hacker could remotely control a vehicle and steal it, joyride it, or use it in a crime.

Other types of IoT devices may be vulnerable to security threats as well. A home security system connected to the IoT could be penetrated by hackers and used to spy on homeowners or deliver false alarms. Some companies are using IoT devices to manage warehouse operations - here, a hack that causes unexpected system downtime could cost a company millions of dollars. The bottom line is that with billions of devices now connected to the IoT, there is a massive need to develop technology and common standards to ensure that these devices are not vulnerable to security breaches or tampering.

Vehicles today are more computerized than ever before, with a variety of embedded computers running on several networks. That means new safety features that help prevent collisions, but it could also mean that vehicles are more vulnerable to cyber attacks. Image by Adam Stefanca via Unsplash

Protecting Your IoT Devices Against Physical Tampering

Physical security, which can also be thought of as hardware security, consists of securing the physical IoT devices from interference by a malicious actor. While hackers may still be able to attack IoT devices through software or communication networks, adequate physical security will prevent hackers from directly tampering with devices. Here are a few steps you should take to start protecting your IoT devices against physical attacks.

Understand Invasive vs Non-Invasive Attacks

When it comes to physical attacks against connected devices, it can be useful to distinguish between invasive and non-invasive attacks. An invasive attack requires the attacker to gain access to the chip surface - they will need to completely open the device. A non-invasive attack simply requires that the attacker is close enough to the device to sense and manipulate its electrical characteristics. Both types of attacks should be accounted for in your physical security plan.

Restrict Device Proximity When Possible

Unlike network or software attacks, physical attacks typically only take place when the attacker can gain reasonably proximal access to the target device. Organizations with facilities that depend on IoT devices must take every precaution to secure the facility against all unwanted visitors and uninvited guests. Preventing unauthorized access to IoT devices is an excellent step towards mitigating the risk of a tampering attack.

Seven Types of Physical Security Attacks

Take a few moments to recognize seven different types of physical attacks against IoT device security. Which ones might apply to your devices? How would you prevent that?

  1. Side Channel Analysis - the use of external hardware to analyze the power signature of an IoT device, hoping to steal secret information
  2. Optical, EMFI, BBI - using lasers and other tools to trigger faults in the system that may expose security gaps
  3. Tamper Attacks - using micro probes to directly steal information present in the wires of an IoT device
  4. Power Glitching - an attempt to introduce glitches into the power supply to compromise the security of a device
  5. Clock/Reset Glitching - an attempt to cause a glitch in the clock or reset network of a device that might expose a security flaw or some secret information
  6. Frequency/Voltage Tampering - another attempt to introduce faulty behavior, this time by changing operating conditions of the chip. This can mean modifying the clock frequency or voltage to change how the device functions.
  7. Temperature Attacks - increasing the environmental temperature can overheat an IoT device, causing unpredictable behavior that may be exploitable.
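
One firmware-side answer to "how would you prevent that?" for the glitching attacks in items 4 and 5 is to make the security decision fail closed and hard to flip with a single disturbed instruction. The sketch below is an added example, not Total Phase code; the function names, the two result codes and the sample secret are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Complementary multi-bit codes (Hamming distance 32): a single bit flip or
 * a register forced to 0 or 1 by a glitch cannot turn DENY into ALLOW. */
#define AUTH_ALLOW 0x3CA5965Au
#define AUTH_DENY  0xC35A69A5u

static unsigned fault_count; /* hypothetical tamper counter a product would persist */

/* Constant-time difference: always scans all n bytes, so run time does not
 * reveal the position of the first mismatching byte. */
static uint32_t ct_diff(const uint8_t *a, const uint8_t *b, size_t n) {
    volatile uint32_t acc = 0;
    for (size_t i = 0; i < n; i++)
        acc |= (uint32_t)(a[i] ^ b[i]);
    return acc;
}

/* Fail-closed check: the comparison is evaluated twice and both results must
 * be zero before ALLOW is written, so skipping one branch is not enough. */
uint32_t check_secret(const uint8_t *entered, const uint8_t *stored, size_t n) {
    volatile uint32_t result = AUTH_DENY;
    volatile uint32_t d1 = ct_diff(entered, stored, n);
    volatile uint32_t d2 = ct_diff(stored, entered, n);
    if (d1 == 0) {
        if (d2 == 0)
            result = AUTH_ALLOW;
    }
    if (d1 != d2) /* the two passes disagree: something disturbed execution */
        fault_count++;
    return result;
}

/* Callers compare against the exact ALLOW code; a value that is neither code
 * is treated as a detected fault, never as success. */
int is_unlocked(uint32_t code) {
    if (code == AUTH_ALLOW) return 1;
    if (code != AUTH_DENY) fault_count++;
    return 0;
}

unsigned faults_seen(void) { return fault_count; }

int main(void) {
    const uint8_t stored[4] = {1, 2, 3, 4}; /* constructed sample secret */
    const uint8_t wrong[4]  = {1, 2, 3, 5};
    printf("%d %d %d\n", is_unlocked(check_secret(stored, stored, 4)),
           is_unlocked(check_secret(wrong, stored, 4)), is_unlocked(1u));
    return 0;
}
```

Software hardening of this kind raises the effort an attacker needs; it complements, rather than replaces, hardware measures such as voltage, clock and temperature monitors.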

Protecting Your IoT Devices From Cybersecurity Attacks

Cyber attacks against IoT devices are becoming increasingly common. With so many new products coming out, consumers are excited to benefit from the latest conveniences that the IoT can offer. At the same time, consumers should be waking up to the very real security risks that can come with IoT devices and the need to secure those devices against possible cyber threats. We offer three tips to begin securing any IoT devices you currently own. 

Always Change Default Passwords

Home or business routers are a frequent target of IoT device hacking because many people neglect to change the default password. On any laptop, you can establish a connection with any network within range and access the router interface by typing its IP address into the address bar of any browser. For most routers, the default IP address is 192.168.2.1 and the default password is something like "admin". Leaving passwords on the default setting makes it painfully easy for hackers to gain access to your browsing history, online banking, etc. Always change default passwords!

If you're using the default password for your router, you could be taking big risks with your personal and financial information as well as your home network. Image by Misha Feshchak via Unsplash

Use a VPN for IoT Devices in the Home

A virtual private network is a great way to protect in-home IoT devices against cyber attacks. When you connect to the internet from a home network, you broadcast your IP address across the internet for all to see. A malicious actor that finds your IP address may be able to use it to identify unsecured IoT devices that share the same address and try to attack or control them.

 A VPN acts as a remote server that hides your IP address from the world when you browse the internet, shielding your IP address, location and identity from anyone who might be watching.

Perform Regular Software Updates

A third step you can take to prevent cyber attacks is to perform frequent software updates for your IoT-connected devices. The companies that produce these devices release security patches that guard against known security issues. By updating on a regular basis, you'll gain access to the latest protections against the best known threats that the product manufacturer has identified. While this won't protect you against zero-day attacks, you should be less vulnerable to well-known attacks that may have affected others with the same device.

Conclusion 

The IoT marketplace is growing rapidly, but the development of IoT security is lagging behind and there's still plenty of work to be done for engineers who wish to secure their devices in the future. In addition to adequate protection from physical and cyber attacks, IoT devices should be thoroughly assessed to determine whether there are any security vulnerabilities in the code. 

At Total Phase, we create powerful diagnostic tools that help embedded systems engineers test and debug their products more efficiently and bring products to market faster and with lower costs. Want to see how we can help you deliver a more secure IoT product?
