The 2022 IoT Security Checklist
Hear from Particle's Director of Security, IT, and Data Engineering, Mike Sheward, on the things you need to keep in mind when securing your IoT deployment, and how Particle keeps our customer secure.
The last few years have really shown us how precious time really is. For some folks, this has meant taking a step in another direction career-wise, to do something they are truly passionate about.
I think there are very few people out there who haven’t taken a moment to reflect on what is truly important to them, as we cautiously emerge into a world that has been forever changed.
IoT, and connected devices have a big impact on ‘time’. We’re lucky to have them. They allow us to more efficiently use the time humans have available to maintain and operate practically any piece of technology out there.
- Remotely monitored sensors can alert organizations to the need for preventative maintenance on a piece of equipment before it fails.
- Asset tracking solutions allow a single fleet manager to know exactly where every asset is, and even track certain aspects of its condition.
- Smart security cameras can allow a single operator to keep track of properties around the world, from their home office.
Practically any product can be remotely updated with features and fixes to delight customers and build brand loyalty. Good things happen when we build and then keep building.
Unfortunately, for as long as there have been humans building things and using them for good, there have been bad actors who are just as motivated to undo all the hard work. Even worse, are the ones that are doing the complete opposite of what we want to do as builders: causing harm.
The Internet, the necessary medium for connected products to ‘connect’, is a hostile environment, full of threats that need to be addressed to ensure the good outweighs the bad.
In this article, we’re going to walk through some of the most common IoT security threats. For each one, we’ll give you a checklist of critical security measures you can take to address each one as much as possible before they impact you and your customers.
IoT Software Vulnerabilities
All software contains vulnerabilities. Sorry, it’s just the way it is. Doesn’t matter where that software runs: a web server, a device, a spaceship, or a connected horse tracker, there will be bugs that could potentially be exploited by malicious types.
The key is how you manage those vulnerabilities and how you respond when they come up. Any time a malicious actor gets a foothold into some code via a vulnerability, they have the opportunity to alter the execution flow and ultimately the behavior of the software in question.
Addressing IoT Software Vulnerabilities
Obviously, there are libraries full of books about various software vulnerability types and how to address them. To summarize the contents of these tomes, here’s what you need to do:
- Catch bugs that could introduce vulnerabilities as early as possible in the development of the software. This can be done through different types of testing, including penetration testing, static code analysis and dynamic scans.
- Know that simplicity is security. Uncluttered code that’s optimized to reduce the opportunity for something to go wrong is always better than ginormous code bases that load in every software library under the sun “just in case.”
- Have a plan to respond to vulnerabilities. Generally speaking, the folks who are able to hunt down software vulnerabilities are incredibly smart computer scientists. Many of them are motivated to help out and will attempt responsible disclosure of issues they’ve discovered. The key is to respond to those reports in a timely manner, and provide solid timelines for remediation. You also need a mechanism to push fixes to deployed products, to ensure they aren’t sitting ducks.
In the world of connected products, there are many factors that go into determining how risky a vulnerability is when it comes to your specific product. Every business has a different risk tolerance.
Systems that have a direct impact on life safety, for example, are held to a higher standard than those that don’t. But always remember, the risk tolerance that matters most is your customer’s.
A Checklist for IoT Software Vulnerabilities
Here’s a checklist of things to consider when developing software for your connected product:
- Have you tested your software for common vulnerabilities?
- Have you removed all unnecessary services and components from your software?
- Do you know which third-party libraries are included in your software?
- Do you monitor those libraries for known vulnerabilities?
- How can you update your software once it has been shipped?
- How will you inform your customers that your software needs to be updated?
Disruption and Downtime
Have you noticed that any time a cloud-based service goes offline, the chatter on social media always floats toward the cause being related to a security breach?
Unless of course the thing that’s offline is the social media network, in which case the chatter will emerge when things get sorted out. This wasn’t always the case, and has become much more common in recent years, as public awareness of security issues has increased.
We live in an ‘always-on’ world. People expect software to flow from the Internet to their hands like the water from a tap. Any time that’s not the case, for any reason, people will notice, and be loud about it. And for good reason.
Ensuring Uptime and Availability Across an IoT Deployment
If a customer is paying for a service, or product that relies on a service, and it’s sold with a service level agreement around uptime, then you need to make sure it always works.
For connected products, there are many layers to this. Not only do you have to reduce the likelihood of the product breaking down itself, but also the ecosystem that supports it.
We’re talking about the connectivity between the product and the Internet, the backend web services that receive the data from the connected device and issue commands, and the apps and sites that take care of the end-user experience. There are a lot of moving parts to maintain.
Availability is a major consideration for security. If a system becomes unavailable, that can have a major impact on the security of an organization. That’s why it’s critical to build connected products that are designed in such a way that reduces the likelihood of disruption and downtime.
Consider how your connected product would behave if it was unable to connect to the Internet for any reason. Are there procedures in place to remotely troubleshoot a device that’s having issues connecting to a backend service? Run through the various scenarios as you build and test.
A Checklist for Reducing Disruption and Downtime for Connected Products
The key things to consider when making sure your product is resilient:
- Have you built your product’s ecosystem in a highly-available environment?
- Can your ecosystem scale to handle increased load as your product gets more popular?
- Have you tested failover methods?
- Do you have a business continuity and disaster recovery plan?
- Have you run a business continuity and disaster recovery plan test?
- Do you have backups?
- Have you tested restoring data from backups?
- Do you have a plan for identifying and responding too denial of service attacks?
Ransomware and Extortion
No business is immune from the scourge of ransomware or extortion-based attacks, and connected products can provide yet another vector by which a malicious actor can get at data and hold it hostage.
In the case of products that connect via WiFi or Ethernet over corporate networks, any slip up in security can have dire consequences in this regard. It’s a trust thing. Your customers are trusting your devices on their networks, and loss of trust for any reason can have a serious impact on the success of your product.
What Happens During a Ransomware and Extortion Attack?
In a ransomware attack, data is encrypted with a key only known to the attacker and the victim must pay for the privilege of getting access to that key and restoring their data. In an extortion attack, data is lifted from a network and leaked, with the aim of causing embarrassment or reputational damage to the victim organization.
The data targeted generally lives on file shares that have been in place since the dawn of time, and contain every single file ever committed to disk by an organization. Your connected product may have a direct line of sight to this goldmine of sensitive information, and you need to make sure it’s safe enough to operate in this reality. You don’t want to be the weak link in a chain.
We should also consider the data collected by the connected product itself. Quite often, this data can be tied back to a specific individual. Not only do the typical concerns about data security apply, but also ensuring that subject privacy rights are respected and handled in accordance with applicable legislation.
A Checklist for Preventing Ransomware Attacks on Connected Products
The key things to consider when thinking about a ransomware or extortion attack are:
- Do you have backups of critical company data?
- Are those backups stored in a disparate location, so they cannot be compromised as part of any initial ransomware attack?
- Do you have a retention policy that could prevent old, unnecessary communications from becoming compromised in the event of a data breach?
- Do you require multifactor authentication on all remote entry points to your network?
- Do you have an incident response plan that addresses preventing a ransomware attack from spreading to multiple systems?
- Do you know which accounts have access to file shares and the data within them?
There’s an old adage that if an attacker has physical access to a computer, it’s compromised. In the case of a connected product, which is commonly a very small computer, this adage can also be true.
It’s always worth assuming that your connected product will end up in the hands of someone with the skills to interface with it via any channel that’s present, and you should always ask yourself - what then?
What Do Physical Attacks on IoT Deployments Look Like?
Typically, there are two things that an attacker who successfully gains access to the inner workings of a connected product ask themselves.
The first is, “what can I learn from the software running on this device?”
Dumping the firmware of a product is a common first step to figure out how it’s built and what it is communicating with. Reverse engineering firmware is an art form, and worth spending some time researching if you’re serious about IoT security. If that firmware contains secret or sensitive values, then the device won’t be the only thing using them to attempt to communicate with other parts of the connected product ecosystem.
Secondly, an attacker may move on to firmware modification. They might ask, “What happens if I load my own spin of the firmware onto this product? Can I get it to do things that it shouldn’t?”
If this happens, the key is building mechanisms into the product that can detect unauthorized firmware modifications and respond to them accordingly.
A Checklist for Preventing Physical Attacks on Connected Products
The key things to consider when considering a physical attack on connected product hardware include:
- What could be at risk if someone accesses my firmware? Does the firmware contain secret values that could put other infrastructure at risk?
- How will I detect and respond to tampered firmware?
- What would happen if the device was unable to boot due to corrupt firmware?
- Are there any vulnerabilites in hardware components in my product that could make it more susceptible to physical attack?
- What could my competitors do with my firmware?
How Particle Provides a Secure Foundation for IoT Projects
A massive variety of connected products are built on Particle’s IoT Platform-as-a-Service. It’s one of the reasons I like working here so much, to be honest. Sitting in meetings with customers or prospective customers and hearing how they are using Particle is one of the most interesting things I get to do.
It also gives me a lot to think about from a security perspective. Our job is to make sure that our approach to security works for such a wide range of use cases.
We’re an extension of our customers' security teams. We monitor the ecosystem that they use to run their businesses and we never forget how much of a privilege it is to do that.
Our job is to help you navigate some of the IoT security challenges and threats we just discussed, and this is how we do it. And I should also say, this is how we do it ‘right now’ because we’re always learning and always improving.
Reduced Attack Surface
Reducing the opportunities for a malicious actor to discover and leverage software vulnerabilities is a fundamental consideration for Particle. You won’t find any open TCP/IP ports on our IoT devices. Because they are paired with our cloud service, our devices reverse connect to a trusted endpoint that is used for further connectivity with customer systems.
Intelligent Over-the-Air Updates
The only thing worse than a software vulnerability is an unpatchable software vulnerability. Particle’s Over-the-Air update system allows our customers to push new versions of firmware remotely, in a safe and controlled manner.
This has the dual purpose of allowing customers to both update and fix their firmware, and the underlying version of Particle Device OS, as well as adding new features to keep customers delighted.
The Particle Cloud knows what firmware to expect on the device, and if that isn’t what shows up when the device connects - the cloud will intervene in real time to fix the issue by updating the firmware. This helps protect against firmware modification attacks.
Transport Layer Cryptography
All traffic between Particle devices and the Particle Cloud is encrypted using TLS. Traffic sent ‘in-the-clear’ is simply too susceptible to interception and interference to be considered safe in this day and age.
Encrypted communications also support data privacy rights and expectations, when devices are handling sensitive data that can be tied back to individuals.
Device Authentication and Detection
Because Particle is responsible for the manufacturing process of our hardware, and the daily operation via the Particle Cloud, we’re uniquely positioned to authenticate devices as they connect.
The Particle security team also proactively looks for devices that display symptoms of abnormal behavior, such as cloning, so we can help our customers identify potential security risks to their products. These are key component of IoT device management that can't be ignored.
Identity and Access Management
Particle Cloud allows our customers to follow the principle of least privilege when it comes to interacting with deployed devices. We offer a role-based access model that allows granular control over the permissions afforded to human beings and machines when they are interacting with an IoT product.
Particle Cloud also provides a point of reference for a centralized audit log that shows all changes being made to products and device fleets. For enterprise customers, we allow this audit log to be ingested directly into security monitoring tools, meaning your security team can get eyes on exactly what is occurring in the Particle Cloud in tools they are already familiar with.
Site Reliability Engineering
Particle has a dedicated site reliability engineering (SRE) team who are responsible for keeping your cloud up and running. Using a modern architecture based on containerized workloads and redundant infrastructure, the Particle Cloud is designed to ensure your connected products stay connected.
Finding the Right Partner for IoT Security
These are just a few of the things we do to make sure that we remain a trusted partner to our customers. Truth is, this list is constantly changing as we think about new risks and new ways to address them. We have various best practices, guides, and other resources that go in-depth on various security topics, and we’re always happy to share more.
Learn more how Particle makes securing your IoT devices easier.
One final note: When it comes to connected products they provide so much opportunity for good that they’re absolutely worth fighting for.
Yes, there are risks out there, but where there are risks there are opportunities. We firmly believe that a connected world is a better place for everyone, and you can rest assured that we at Particle are working hard to make sure the connected world is as secure as possible.