Consumer adoption of smart devices is at an all-time high and poised to grow. Despite the continued growth of connected devices, many consumers are still concerned about the security of those devices, and for good reason. The cost of an attack on an IoT device is high – device manufacturers can potentially see penalties of hundreds of dollars per consumer per incident – compared to the low cost of taking reasonable precautions. And as you’ll see in the news below, there’s a good chance those reasonable precautions will become the law. The roundup below includes several reports on how the public views IoT security, as well as news stories highlighting reasons why concerns about IoT security are quite valid today.
The Electronic Engineering Times recently spoke with industrial control systems and Operational Technology (OT) specialists and analysts regarding the increasing number of cyberattacks in the Industrial Internet of Things (IIoT). The experts agreed on a combination of factors, including outdated OT equipment not designed with the Internet in mind, lack of cybersecurity technology and the increased number of devices and sensors connected to each organization’s IIoT. Notably, Abhi Dugar, research director for IDC, cited the difficulty of scaling legacy OT environments to support public key infrastructure, which “has been used for decades to secure various IT systems.” Read more.
The California legislature has passed the first state law aimed at securing IoT devices. The law, which is set to take effect on January 1, 2020, requires manufacturers to take reasonable precautions against attacks. The California Office of Senate Floor Analysis deemed the law necessary since so many IoT devices “collect a vast amount of personal and intimate information” and “can be directly hacked into, allowing strangers to conduct surreptitious surveillance on homes or to communicate through devices directly.” Read more about the decision here.
According to the COSIC research group from the KU Leuven in Belgium, hackers have the ability to clone Tesla Model S key fobs in seconds by using a tool designed for RFID analysis. The researchers cited several security issues associated with the car’s Passive Keyless Entry and Start (PKES) system, including its lack of mutual authentication. A crypto-related issue also exists in the system’s outdated proprietary cipher called DST40. Read more about the discovery at Security Week.
Although more and more consumers are embracing IoT devices, less than 20% of consumers understand what an IoT device is, let alone the threats faced if these devices are not secured. The report comes from a poll conducted by Metova, a cybersecurity technology services company. “Whether they know it or not, consumers have made the leap to the Internet of Things in and outside of their homes, yet businesses are often unsure of how to approach digital transformation in order to leverage this new realm,” said Metova CMOA Jonathan Sasse. Read more.
Even with the growing number of households with smart devices, many consumers are still worried about the security of their home smart devices, according to a recent report from TechUK and researchers GfK. Of the 1000 people surveyed, 16% identified security as a major concern when considering purchasing a smart device – the third most prevalent barrier to purchasing, behind privacy (23%) and price (40%). These fears are backed by an Accenture survey of 1000 smart home speaker owners that found that 28% of owners do not use their devices to make financial transactions because of security concerns. Read more.
SecureRF is participating at the following industry events over the next several weeks, beginning with a return to Arm TechCon where our work was recognized last year with their prestigious “Best Contribution to IoT Security” award. To arrange a meeting with our executives and technical staff at any of the following events, or to schedule a call with our team, please click here.
Arm TechCon, Oct. 16-18, San Jose Convention Center, San Jose, CA: Visit us at booth 923 to see our award-winning authentication and identification methods on Arm’s newly introduced Cortex-M23 processor. Our technical experts will demonstrate how we deliver speed and other performance advantages over ECDSA / ECDH on what Arm calls “the smallest and most energy efficient implementation of their Cortex-M line of processors.” Don’t forget to ask for your FREE SDK to get started.
Linley Fall Processor Conference, Oct. 30-Nov. 1, Hyatt Regency, Santa Clara, CA: Come see why Linley analysts named SecureRF “Best Technology” in 2017! SecureRF will be on-hand to demonstrate the significant performance advantages our security methods deliver over ECDSA / ECDH on both SiFive’s HiFive RISC-V processor and Arm’s Cortex-M23 processor. To get an overview of SecureRF, readers may wish to download the recent Linley Group report, “SecureRF Locks Up the Keys,” a deep dive on our methods, performance advantages, applications and how we address the threat of quantum attacks.
STMicroelectronics Tech Tour, Nov. 8, Boston Marriott Burlington, Burlington, MA: SecureRF’s Vice President of Engineering, Drake Smith will be speaking on the topic of implementing authentication and data protection on STM32F7x0 Value Line MCUs for real-time IoT devices. In addition, SecureRF personnel will be on hand to demonstrate SecureRF’s performance compared to ECDSA/ECDH on an STM32F7x0 Value Line processor.
Utimaco Applied Crypto Symposium Silicon Valley, Nov. 13, The Mountain Winery, Saratoga, CA: SecureRF CEO Louis Parks will speak on the challenges of securing the IoT in a post quantum world, with a specific focus on addressing security at the device level.
RISC-V Summit, Dec. 3-6, Santa Clara Convention Center, Santa Clara, CA: Come to our booth to learn about our authentication and identification solutions for processor-to-processor security for RISC-V. Members of our technical team will also be on hand to demonstrate the performance advantages of our Secure Boot and Secure Firmware Update solutions on the SiFive “HiFive” board.