Securing IOT: Attack Scenarios, Vulnerabilities and Protection Methods

We differentiate between two types of IOT devices:

– Smart devices, with enough processor and memory capacity to handle RSA keys and certificates on their own (printers, cars, smart security cameras)

– Simple devices, which is basically all other devices: those not capable of running a fundamental security services infrastructure (lamps, retail price signs, thermostats, etc.)

Smart IOT devices need protection at the protocol level with TLS and certificates. The engine for protecting them resembles a traditional CA manager, but on steroids, since it needs to protect up to hundreds of thousands, maybe even millions, of certificates.

Simple IOT devices usually get only rudimentary protection: primarily sporadic protocols containing micro-encryption with shared secrets, if any encryption at all. Here you need to protect the shared secret in transit and on the server. This is usually done by hardening the HTML/browser-based administrative portal.

Using Codesealer Connect Sealing-as-a-Service, Cover or Core, the web administration portal interface is protected against manipulation on the client, and we restrict the server to legal protocols only. Basically, the hacker’s toolbox against known vulnerabilities is rendered useless. Codesealer protects against both local tampering vulnerabilities and the risk of hackers getting access to the shared secret database, thereby protecting against remote control and infection of simple IOT devices.