Unalarming Discursions

Embedded Engineering Field Notes. Made by @jjmilburn.

© 2018 Josh Milburn. All rights reserved.

IoT Device Security Questions

Reasonable security questions to ask of your IoT device/ecosystem

I’ve been thinking recently about the security properties of ‘connected devices’, mostly in the context of wireless devices where the developer is forced to ‘roll their own’ security to some degree (e.g. BLE ‘Just Works’ connectivity).

Unlike a cellular connected device, where a VPN to the carrier network and a SIM card in the end device might provide ‘adequate’ security in a number of cases, techologies like BLE often rely on the application developer to consider end-to-end security, including key management and crypto best practices.

Sometimes, it is imagined that ‘securing’ a device simply means ‘use a convoluted, multi-step connection process to “confirm” that the user knows our protocol’. Unfortunately, thats no guarantee against tampering, and is unlikely to produce a device that won’t attract exploits. Many tools exist to monitor BLE connections across a number of connection attempts, and once an attack is discovered, publicizing an automated exploit becomes a real possibility.

If some examples of BLE-focused hacks help emphasize this point:

Similar to how there are static analyzer tools to help catch possible bugs in an implementation, it is worth considering what design rules/review questions are in place to reveal possible security weaknesses in the design/architecture phase of a project.

Some ‘IoT Device Security Review’ questions I’ve found useful to date include:

Crypto Basics

Key Management

Security through Obscurity

These bullets draw out risks inherent in the system design, usually related to ‘features’ that are added for convenience in debugging or testing. If left in the system after release, these can represent a major security flaw.

Feel free to contact me if you’ve got your own favorite rules, or any questions on the ones listed here.