IoT Cybersecurity: 5 Ways To Help Secure Your Application

In October 2016, the Internet of Things was at the center of one of the largest distributed denial of service (DDoS) attacks. A botnet called Mirai hacked IoT devices and then used those devices to send an unprecedented number of traffic requests to Dyn, a large DNS provider. This increase in traffic caused Dyn to go offline, and subsequently knocked a number of its noteworthy customers offline as well—including Amazon, Twitter, and PayPal.

While there have been numerous high-profile IoT-related cyber attacks over the last several years, the Dyn attack demonstrates the importance of IoT cybersecurity. To protect your own application from IoT breaches, there are five things you can do:

1. Don’t provision your IoT devices with default usernames and passwords.

A large majority of IoT cyber threats can be avoided by following this one simple rule. Here’s why: A lot of common IoT devices (like many smart thermostats and security cameras) are Linux-based, and many are shipped out with default usernames and passwords for SSH connections. (We’ll discuss the danger of SSH below.) If your customer puts one of these devices on their network, it becomes a very easy target. The Mirai attack specifically searched out devices with this very trait. Tools like Shodan and Nmap make it easy for hackers to write a script that finds these devices and tests the default password, paving the way for a large-scale attack using botnets.

To avoid this, we strongly recommend managing your applications in a way that does not rely on default passwords. Even hashing—where customers enter their unique product serial numbers into a browser to get their password—is more secure than shipping out standardized usernames and passwords.
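
One way to implement the serial-number scheme described above, as an added example that is not Link Labs' code: it uses a keyed hash (HMAC-SHA256) rather than a bare hash of the serial, because serial numbers are often printed on the device or guessable. `FACTORY_KEY`, the function names and the serial format are assumptions made for illustration.

```python
import base64
import hashlib
import hmac

# Constructed sample key. In production it would live in an HSM or secrets
# manager at the factory and on the lookup service, never on the device.
FACTORY_KEY = bytes.fromhex("00112233445566778899aabbccddeeff" * 2)


def normalize_serial(serial: str) -> str:
    """Canonicalize what a customer types (case, spaces, dashes)."""
    cleaned = serial.strip().upper().replace("-", "").replace(" ", "")
    if not (cleaned.isascii() and cleaned.isalnum()):
        raise ValueError("serial must be ASCII alphanumeric")
    return cleaned


def derive_device_password(factory_key: bytes, serial: str, length: int = 16) -> str:
    """Keyed hash of the serial: knowing a serial alone reveals nothing."""
    message = normalize_serial(serial).encode("ascii")
    digest = hmac.new(factory_key, message, hashlib.sha256).digest()
    # Base32 keeps the result free of punctuation that is easy to mistype.
    return base64.b32encode(digest).decode("ascii")[:length].lower()


def check_password(factory_key: bytes, serial: str, candidate: str) -> bool:
    """Constant-time comparison for the service that verifies a login."""
    expected = derive_device_password(factory_key, serial).encode("ascii")
    supplied = candidate.strip().lower().encode("utf-8")
    return hmac.compare_digest(expected, supplied)
```

The factory writes the derived password to each device at provisioning time, and the customer-facing page computes the same value from the serial the customer enters.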

2. Don’t use an SSH (Secure Socket Shell) connection, if possible.

As mentioned, many IoT applications run Linux, and most Linux systems enable SSH by default. That means the device is “listening” on port 22 for anyone who wants to connect to it via SSH. If your application does not require that you use SSH, be certain it’s disabled—because it’s a major IoT cybersecurity vulnerability.
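
A check for the exposure described above, added here as an example and not taken from the original article: it reads `ss -H -tln` output from a device image and reports every TCP listener reachable from the network, including SSH on port 22. The sample output and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample of `ss -H -tln` output from a hypothetical device image.
SAMPLE_SS_OUTPUT = """\
LISTEN 0 128  0.0.0.0:22        0.0.0.0:*
LISTEN 0 128  [::]:22           [::]:*
LISTEN 0 4096 127.0.0.1:8883    0.0.0.0:*
LISTEN 0 4096 127.0.0.53%lo:53  0.0.0.0:*
"""


def parse_listeners(ss_output):
    """Return (host, port) for every listening TCP socket in the output."""
    listeners = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        host, _, port = fields[3].rpartition(":")
        host = host.strip("[]").split("%")[0]  # drop IPv6 brackets, %iface
        listeners.append((host, int(port)))
    return listeners


def is_network_reachable(host):
    """Anything not bound to loopback can be reached from the network."""
    if host == "*":
        return True
    try:
        return not ipaddress.ip_address(host).is_loopback
    except ValueError:
        return True  # unknown address form: assume exposed


def exposed_listeners(ss_output, allowed_ports=frozenset()):
    """Listeners reachable from the network on ports the product does not need."""
    return [(h, p) for h, p in parse_listeners(ss_output)
            if is_network_reachable(h) and p not in allowed_ports]


def ssh_exposed(ss_output):
    return any(port == 22 for _, port in exposed_listeners(ss_output))
```

Run as a build or factory-test gate, a non-empty result from `exposed_listeners` fails the image before it ships.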

3. Limit your application’s exposure to IP-based networks, if possible.

Chances are good that if someone tries to hack your IoT device, they’ll do so using an online, script-based attack. It’s much, much more rare for a device to be hacked physically by a bad actor in the same room. Limit your application’s exposure to IP networks if you’re able.

Your connectivity provider may be able to help. Symphony Link, for example, doesn’t have IP-based communication from the end-node to the gateway, so there’s no network-based vulnerability that can attack that link. Even if a hacker were able to gain access to, say, a Symphony Link-connected smart water meter, there would be nothing said hacker could do to exploit the connection into the upstream IP network.

4. Create a VPN tunnel into your backend network.

Enable your devices to create a virtual private network (VPN) tunnel for secure communication. The best way to do this with cellular IoT is to negotiate with your carrier to add your devices in their private network, with a VPN tunnel directly to your backend. The result: There’s no way for any traffic to or from your devices to get to the internet. Called virtual air-gapping, this is a service we provide our LTE-M customers here at Link Labs.

5. Whitelist certain IPs and domain names.

Consider allowing only a select list of IP addresses or domain names to send traffic to your devices as a form of firewall protection. This can help prevent rogue connections. Keep in mind that if your device is hacked, it may be possible for the hacker to remove the IP and domain blocks you have in place—but this is still a good precautionary step.
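
An application-level version of this allowlist, added here as an example and not part of the original article: it accepts IPs, CIDR ranges and domain names, denies everything else, and handles IPv4 peers that a dual-stack socket reports as IPv4-mapped IPv6 addresses. The class name, sample entries and `fake_resolver` are assumptions made for illustration.

```python
import ipaddress
import socket


def resolve(hostname):
    """Default resolver: every address the name currently maps to."""
    return {info[4][0] for info in socket.getaddrinfo(hostname, None)}


class Allowlist:
    """Deny-by-default source filter built from IPs, CIDRs and domain names."""

    def __init__(self, entries, resolver=resolve):
        self.networks = []
        for entry in entries:
            try:
                self.networks.append(ipaddress.ip_network(entry, strict=False))
            except ValueError:
                # Not an IP or CIDR: treat it as a domain name, pin its addresses.
                for addr in resolver(entry):
                    self.networks.append(ipaddress.ip_network(addr))

    def permits(self, source):
        try:
            addr = ipaddress.ip_address(source)
        except ValueError:
            return False  # unparseable peer address: deny
        # Dual-stack sockets report IPv4 peers as ::ffff:a.b.c.d; unwrap them
        # so the IPv4 entries still match.
        if addr.version == 6 and addr.ipv4_mapped is not None:
            addr = addr.ipv4_mapped
        return any(addr.version == net.version and addr in net
                   for net in self.networks)


# Constructed sample data (documentation address ranges, hypothetical hostname).
SAMPLE_ENTRIES = ["203.0.113.10", "198.51.100.0/24", "backend.example.com"]


def fake_resolver(hostname):
    """Stand-in for DNS so the example runs offline."""
    return {"192.0.2.44"}


DEMO = Allowlist(SAMPLE_ENTRIES, resolver=fake_resolver)
```

Domain names are resolved once, when the list is built, so the list has to be rebuilt when the backend's DNS records change.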

Finally, if you’re a large company developing a connected application, we at Link Labs strongly recommend you research an established security consulting firm that can analyze your cybersecurity practices and help ensure your application is sound. Don’t wait to be the subject of a Dark Reading article about how simple it is to exploit your device. Spend the money now to secure your application. If you have questions in this area, we’d be happy to help—send us a message and we’ll get back to you shortly.

Written by Brian Ray

Brian is the Founder and CTO of Link Labs. As the chief technical innovator and leader of the company, Brian has led the creation and deployment of a new type of ultra long-range, low-power wireless networking which is transforming the Internet of Things and M2M space.

Before starting Link Labs, Brian led a team at the Johns Hopkins University Applied Physics Lab that solved communications and geolocation problems for the national intelligence community. He was also the VP of Engineering at the network security company, Lookingglass, and served for eight years as a submarine officer in the U.S. Navy. He graduated from the U.S. Naval Academy and received his Master’s Degree from Oxford University.
