Supplier eBooks

Digi - Simplified Connectivity

Issue link: https://resources.mouser.com/i/1442769


IoT Device Security: Built-In, Not Bolt-On

The 10 Security Factors Every Device Designer Should Consider

The Rising Tide of Security Threats

Limited only by designers' imaginations, the Internet of Things (IoT) is changing how people live. From medical devices and fitness trackers to tank sensors, smart thermostats, intelligent streetlights, water monitors, and more, the IoT is in more places than ever. However, by relying on wireless networks, those hundreds of millions of IoT devices present a greater "attack surface," making them tempting frontline targets for competitors, hackers, disgruntled employees, and other bad actors.

Unfortunately, the tools and techniques we've applied to PC/smartphone platforms often don't work well in the IoT, for several reasons:

• Resource Limitations – Small-footprint IoT devices typically have far less battery power, processing speed, and memory. They lack the power and sophistication required to support traditional security measures.
• Data Complacency – Many companies view the data in their IoT networks as mundane and having little intrinsic value outside the organization. But many breaches are motivated by other factors, such as competitive advantage, social status, or revenge. The data isn't the goal; the hack is.
• Availability of Tools – The tools and expertise to analyze and modify embedded/IoT devices are widely available, even to hobbyists.
• No Physical Access Required – Thanks to wireless connections, hackers don't need physical access to devices such as USB outlets or network ports.
• Interface Differences – Embedded devices have no Graphical User Interfaces (GUIs), and error messages can be as basic as a coded series of beeps or flashing lights. This is particularly true for security status and control functions.
• Hardwired Ports – These provide unfortunate opportunities for compromise.
IoT solutions can't simply implement a strong password over a TLS connection, the most common approach for PC/Internet applications. IoT solutions need a different approach, and the effort required to identify and mitigate unique security risks in embedded systems is often underestimated, if not overlooked entirely.

But the risks of this rising tide of security threats are significant. Beyond reputational damage, competitive threats, eroding customer confidence, and safety challenges, regulators are paying increasing attention as well. For instance, security breaches that violate HIPAA regulations can lead to fines of $50,000 per violation. Credit card processors that fail to comply with the PCI DSS standard may be fined up to $100,000 per violation.

By Mike Bleakmore, Technical Product Manager Embedded/RF, Digi International
