According to SecurityToday, there are at least 31 billion IoT devices deployed in the world as of 2020. That number is expected to increase by at least 4 billion in 2021. With $83.9 billion in revenue in just the North American IoT market, it’s no surprise that many enterprises are adopting IoT technology into their business logistics.
With so many companies rapidly adapting IoT into their workflow, IoT security can easily be forgotten among the challenge of integration. As useful as IoT devices can be, they pose just as much of a security risk as any other systems, in most instances much more. There is even an OWASP Top 10 dedicated to IoT vulnerabilities.
For a long time, hackers have been frequently targeting IoT devices as an easy way into corporate networks. However, sometimes the device itself can be the target of the hack. It’s common that on its internal network, management access to an IoT device could be completely unrestricted (common, but not recommended). This two-sided consideration is why securing IoT devices and networks can be so tricky, so before we can start focusing on our IoT security we need to make sure we fully understand IoT systems and their uses. In this article, I want to layout a floorplan for building a secure IoT network segment. If you are responsible for implementing IoT devices in your corporate network, this article is for you.
IoT devices have a wide range of use cases. From powering your smart lights at home to managing industrial infrastructure, they have a lot of uses. In all these scenarios the devices need to be accessed for their functionality, usually remotely. The real challenge in IoT security comes from making sure that only people who should be allowed to access these devices can.
An example of this is using any smart home technologies. If you can access your smart lights or smart thermostat remotely, a hacker probably can too. Access controls on smart home technologies are known to be notoriously bad because in a wide range of scenarios device security is not a priority.
When purchasing smart-home technologies, you’re putting your security into the hands of whoever designed these systems. Likewise, when designing a corporate IoT network, you must consider how the new addition to the network impacts the security of the companies IT systems. Here are some design decisions to make and precautions to take to make your IoT network a little bit safer.
These are some design decisions that you should keep in mind while planning out your IoT infrastructure to ensure that you keep your deployment secure.
This is the most important part of IoT integration. IoT devices should not be integrated into an existing network with other IT infrastructure. They should have their own network with their own dedicated gateway and no access to other internal networks. This helps you stay secured in both scenarios where you could be compromised: a threat actor wants to infiltrate the IoT network from the corporate network, or vice versa.
IoT device deployment doesn’t end when the devices are in production; it includes management for the lifetime of that device. Ensure that you have good plans on how to manage the device in a secure manner without exposing it to other internal networks or the internet. When planning for device lifetime management, you need to consider how you can conduct the following operations while still ensuring proper network segregation:
application updates to the devices, as well as facilitating manual access to the devices when necessary. The most secure way to do this is allowing only physical access to this update and maintenance device. This does not introduce any new network attack vectors, which are a big problem in IoT networks.
If your IoT devices are deployed where someone may be able to physically access them (common for some industrial infrastructure), you need to consider physical security as well.
To dissuade a large majority of common attackers, tamper-proofing usually consists of the removal of physical debug ports such as UART. Tamper-proofing can be done at the chip level on flash memory and small processors as well, to dissuade memory-level attacks. Attackers commonly try to steal cryptographic keys in these attacks, but they’re very complicated. Usually, they do not need to be taken into consideration from a security standpoint unless you’re worried about being attacked by a nation-state level threat actor.
These are considerations to make and checks to do when fully implementing your IoT network.
Even though the device is only exposed to an internal network, do not use weak passwords. A good password is not guessable, at least 8 characters long, and contains a lowercase, uppercase, digit, and special character. The best passwords can be generated by using a password generator but be warned that these cannot be memorized unless you’re a cyborg. All the measures taken in this post are to provide layers of security so that in the event of a breach your network can still stay as secure as possible. Having insecure or default passwords on IoT devices can create a hole straight though all these layers, it could even break down network segregation when the bad password is used on a gateway.
Ensure that the device has the absolute minimum amount of running services necessary. Unplanned, unnecessary services can be a backdoor into your devices. For example, some off-the-shelf IoT devices might have an insecure SSH service running by default. You want to catch any of these and disable them before the devices make it into a production deployment.
Though IoT devices should only be on an internal network, this article is about hardening your IoT security as much as possible including the network level. Network level and even application-level security is paramount for these scenarios and can help you avoid many doomsday scenarios.
For example, when an attacker gains access to an IoT network, they also have access to the information traversing that network if it is unencrypted. This could help them better understand how the network is structured and leverage themselves into adjacent networks.
If custom applications are being written to run on your IoT devices, application-level security can be a great way to introduce secure communications. Common IoT protocols such as CoAP support application-level security, so make sure its being implemented in the development toolchain.
As IoT is distributed by definition, ensuring the security of your deployment can be a challenge. By designing network segregation from the start and implementing measures such as network-level security, you can make sure that your network is ready for when the hackers find it. I hope these guidelines can help any IoT network engineer make their deployment more secure, but it’s never too late to be extra safe. If you're looking to integrate security testing into your development process, contact us here to speak to us about our available services, including Penetration Testing as a Service (PTaaS).