.jpg)
Overcoming IoT security threats to achieve better ROI
Monday, January 8, 2018
|
Richard Harris |
How security concerned businesses are overcoming IoT vulnerabilities to achieve increased returns.
With B2B IoT segments expected to generate more than $300B annually by 2020, it’s no surprise that companies are rushing to build out their IoT businesses and cash in on the modern day gold-rush. However, many manufacturers are struggling to achieve long term profitability for their IoT projects beyond initial hardware sales.
The key to ensuring an organization’s IoT investments are not short-lived will be the adoption of an underlying infrastructure that is designed to boost revenue streams and customer retention out over the long term. Some businesses are turning to white-labeled app stores that are custom-built for IoT to increase their ROI and establish long-term revenue streams. For example, network and security scanning company Fing built its new network security device, Fingbox, with the understanding that being able to offer new functionality could enhance the product further down the line, without requiring users to buy new hardware, bringing new revenue opportunities beyond the initial device sale.
We spoke with Carlo Medas, Co-founder and R&D Architect at Fing about connected device security and how manufacturers can overcome the barriers of IoT device development to drive new revenue opportunities with IoT post-sale:
Medas: From smart home thermostats to connected refrigerators, consumers are eager to take advantage of the growing number of IoT-enabled devices to make their homes and day-to-day lives smarter. Recognizing this, manufacturers, developers, and engineers have also been quick to jump on the connected devices bandwagon. However, in their rush to cash in on IoT, many have put thinking about best practices for long-term connected device security on the backburner, placing the burden of security at the doors of unsuspecting consumers. Without the proper security precautions, every connected device running on a home network is at risk of unpatched vulnerabilities and security flaws, leaving IoT devices wide-open to botnets, hackers and cyberattacks.
Many homeowners also don’t really understand their network and IoT security. There’s also a lack of available tools that are easy to use and install. There are many network solutions for enterprises, yet the home market is still underserved. This is why homes need easy to use and affordable solutions for home network security.
Another big threat brought about by the increase in connected devices is opened ports on devices and the prevalence of default or unchangeable passwords. If a device uses a stock password such as ‘12345,’ ‘password’ or some derivative of the device name like ‘Thermostat-A596,’, it’s very susceptible to a brute force attack as hackers simply use automated scripts to input thousands of simple combinations of letters and numbers until they gain access.
Devices can also put consumer homes at risk of cyberattack when their manufacturers don’t develop and distribute timely fixes for known vulnerabilities, or fail to take the action necessary to ensure those fixes are installed. Many developers have fallen into the trap of building devices, putting them on the market and ignoring them once they hit the shelves, leaving millions of potentially unpatched devices with known vulnerabilities just waiting to be hacked.
Medas: We launched Fingbox to give increasingly security-conscious consumers with lots of devices on their networks an easy-to-use, affordable network security and troubleshooting toolkit so they can take back control of their entire network. The device raised almost 1.7 million USD on Indiegogo and over 30,000 units have shipped to homes.
Fingbox offers homes first of its kind features for home networks including: Internet & Cyber Security, Remote Monitoring & Alerts, Internet Security Checks, Device Blocking & Internet Pause Scheduling as well as a range of troubleshooting features like Internet and WiFi Speed Tests and Bandwidth Analysis.
Fingbox is powered by Ubuntu Core, the Linux operating system tuned for IoT devices, which enables us to push upgrades remotely with snaps, the universal Linux packaging format, ensuring that customers no longer need to worry about updating their devices manually.
The flexibility and scalability enabled by Ubuntu Core has allowed us to take Fingbox from ideation to fundraising to production and distribution of Fingbox.
Medas: With the rise of IoT devices, interoperability is always a big issue because devices don’t necessarily play nice with another or speak the same language. This is why we’re continuously improving our underlying device recognition technology through machine learning so it’s able to recognize more devices faster and more accurately.
Developing the right desired features is also an important part of building an IoT device. Each user has a different set of varying devices and list of desired features. To develop the right features, manufacturers should constantly request feedback through surveys and gather usage stats through in-app analytics to understand what features are desired and used most. The most important thing is to be customer centric, and keep your users needs at the center of your product’s feature roadmap.
A consistent approach to device security is also a challenge. In the consumer market, to improve profitability it is often the case that security features are a fatality of cutting costs. Ultimately IoT devices themselves must be acknowledged as the most critical point at which security should be considered.
Medas: Many IoT devices are connected and then forgotten about, sitting in consumers’ homes for years. But, hackproof devices do not exist: there are only devices with undiscovered vulnerabilities, and when those flaws are found, developers must work quickly to patch them and prevent attacks.
When building or deploying any IoT device, manufacturers need to consider how existing connected devices can be built to be future-proofed to extend the lifecycle of individual products and capitalize on the ability to improve functionality over time with remote upgrading, without requiring customers to purchase new hardware.
Medas: We built Fingbox to be future-proofed with the help of Ubuntu Core, which enables automatic upgrades to the latest software version, ensuring that end users can receive the latest security and functionality updates consistently and seamlessly. Plus, if an upgrade can’t be completed, the device automatically rolls back to the last working software version, which guarantees it is always operating.
Medas: This is something every manufacturer needs to be prioritizing. Through the development of apps and app stores, manufacturers can generate new revenue streams beyond initial hardware sales. For example, through Fing’s adoption of the brand store offering from Canonical, the company behind Ubuntu, we’re positioned to further monetize our device through new features, enhancements and product add-ons.
Carlo is R&D architect of Fingbox backend and Fing embedded software, where he balances the use of proprietary native C++ software with Big-Data Apache ecosystem technologies (Hadoop, YARN, Kafka, Spark, Flink, Storm, Zookeeper). Fing was born from Look@LAN, which was a free network management and monitoring software Carlo published on the internet in 2002 for his Bachelor Dissertation titled “Look@LAN - monitoring IP nodes.”
Prior to Fing, Carlo spent 13 years at Anritsu, where he held several leadership positions. Over the last two years Carlo held the position of Big-Data and Analytics Program Manager and Architect, where he gave birth to eoMind, Anritsu’s real-time analytics platform. Carlo also holds a Bachelor of Science in Computer Science from the University of Cagliari and has completed many professional courses to enrich his skill-set ranging from Modern Data Visualizations and Story Telling, Emotional Intelligence, Agile Programming, Agile Project Management and more.
The key to ensuring an organization’s IoT investments are not short-lived will be the adoption of an underlying infrastructure that is designed to boost revenue streams and customer retention out over the long term. Some businesses are turning to white-labeled app stores that are custom-built for IoT to increase their ROI and establish long-term revenue streams. For example, network and security scanning company Fing built its new network security device, Fingbox, with the understanding that being able to offer new functionality could enhance the product further down the line, without requiring users to buy new hardware, bringing new revenue opportunities beyond the initial device sale.
We spoke with Carlo Medas, Co-founder and R&D Architect at Fing about connected device security and how manufacturers can overcome the barriers of IoT device development to drive new revenue opportunities with IoT post-sale:
ADM: What are some of the security threats and vulnerabilities associated with the increased number of connected devices in consumer’s homes?
Medas: From smart home thermostats to connected refrigerators, consumers are eager to take advantage of the growing number of IoT-enabled devices to make their homes and day-to-day lives smarter. Recognizing this, manufacturers, developers, and engineers have also been quick to jump on the connected devices bandwagon. However, in their rush to cash in on IoT, many have put thinking about best practices for long-term connected device security on the backburner, placing the burden of security at the doors of unsuspecting consumers. Without the proper security precautions, every connected device running on a home network is at risk of unpatched vulnerabilities and security flaws, leaving IoT devices wide-open to botnets, hackers and cyberattacks.
Many homeowners also don’t really understand their network and IoT security. There’s also a lack of available tools that are easy to use and install. There are many network solutions for enterprises, yet the home market is still underserved. This is why homes need easy to use and affordable solutions for home network security.
Another big threat brought about by the increase in connected devices is opened ports on devices and the prevalence of default or unchangeable passwords. If a device uses a stock password such as ‘12345,’ ‘password’ or some derivative of the device name like ‘Thermostat-A596,’, it’s very susceptible to a brute force attack as hackers simply use automated scripts to input thousands of simple combinations of letters and numbers until they gain access.
Devices can also put consumer homes at risk of cyberattack when their manufacturers don’t develop and distribute timely fixes for known vulnerabilities, or fail to take the action necessary to ensure those fixes are installed. Many developers have fallen into the trap of building devices, putting them on the market and ignoring them once they hit the shelves, leaving millions of potentially unpatched devices with known vulnerabilities just waiting to be hacked.
ADM: Tell me about Fingbox. How can consumers benefit from deploying it?
Medas: We launched Fingbox to give increasingly security-conscious consumers with lots of devices on their networks an easy-to-use, affordable network security and troubleshooting toolkit so they can take back control of their entire network. The device raised almost 1.7 million USD on Indiegogo and over 30,000 units have shipped to homes.
Fingbox offers homes first of its kind features for home networks including: Internet & Cyber Security, Remote Monitoring & Alerts, Internet Security Checks, Device Blocking & Internet Pause Scheduling as well as a range of troubleshooting features like Internet and WiFi Speed Tests and Bandwidth Analysis.
Fingbox is powered by Ubuntu Core, the Linux operating system tuned for IoT devices, which enables us to push upgrades remotely with snaps, the universal Linux packaging format, ensuring that customers no longer need to worry about updating their devices manually.
The flexibility and scalability enabled by Ubuntu Core has allowed us to take Fingbox from ideation to fundraising to production and distribution of Fingbox.
ADM: What are some common challenges in IoT device development?
Medas: With the rise of IoT devices, interoperability is always a big issue because devices don’t necessarily play nice with another or speak the same language. This is why we’re continuously improving our underlying device recognition technology through machine learning so it’s able to recognize more devices faster and more accurately.
Developing the right desired features is also an important part of building an IoT device. Each user has a different set of varying devices and list of desired features. To develop the right features, manufacturers should constantly request feedback through surveys and gather usage stats through in-app analytics to understand what features are desired and used most. The most important thing is to be customer centric, and keep your users needs at the center of your product’s feature roadmap.
A consistent approach to device security is also a challenge. In the consumer market, to improve profitability it is often the case that security features are a fatality of cutting costs. Ultimately IoT devices themselves must be acknowledged as the most critical point at which security should be considered.
Carlos Medas, Co-founder and R&D
Architect, Fing
Architect, Fing
ADM: Why is it essential that manufacturers prioritize building future-proofed IoT devices?
Medas: Many IoT devices are connected and then forgotten about, sitting in consumers’ homes for years. But, hackproof devices do not exist: there are only devices with undiscovered vulnerabilities, and when those flaws are found, developers must work quickly to patch them and prevent attacks.
When building or deploying any IoT device, manufacturers need to consider how existing connected devices can be built to be future-proofed to extend the lifecycle of individual products and capitalize on the ability to improve functionality over time with remote upgrading, without requiring customers to purchase new hardware.
ADM: What are some ways IoT consumer devices can be future-proofed?
Medas: We built Fingbox to be future-proofed with the help of Ubuntu Core, which enables automatic upgrades to the latest software version, ensuring that end users can receive the latest security and functionality updates consistently and seamlessly. Plus, if an upgrade can’t be completed, the device automatically rolls back to the last working software version, which guarantees it is always operating.
ADM: How can manufactures build a business beyond hardware?
Medas: This is something every manufacturer needs to be prioritizing. Through the development of apps and app stores, manufacturers can generate new revenue streams beyond initial hardware sales. For example, through Fing’s adoption of the brand store offering from Canonical, the company behind Ubuntu, we’re positioned to further monetize our device through new features, enhancements and product add-ons.
About Carlos Medas
Carlo is R&D architect of Fingbox backend and Fing embedded software, where he balances the use of proprietary native C++ software with Big-Data Apache ecosystem technologies (Hadoop, YARN, Kafka, Spark, Flink, Storm, Zookeeper). Fing was born from Look@LAN, which was a free network management and monitoring software Carlo published on the internet in 2002 for his Bachelor Dissertation titled “Look@LAN - monitoring IP nodes.”
Prior to Fing, Carlo spent 13 years at Anritsu, where he held several leadership positions. Over the last two years Carlo held the position of Big-Data and Analytics Program Manager and Architect, where he gave birth to eoMind, Anritsu’s real-time analytics platform. Carlo also holds a Bachelor of Science in Computer Science from the University of Cagliari and has completed many professional courses to enrich his skill-set ranging from Modern Data Visualizations and Story Telling, Emotional Intelligence, Agile Programming, Agile Project Management and more.
Become a subscriber of App Developer Magazine for just $5.99 a month and take advantage of all these perks.
MEMBERS GET ACCESS TO
- - Exclusive content from leaders in the industry
- - Q&A articles from industry leaders
- - Tips and tricks from the most successful developers weekly
- - Monthly issues, including all 90+ back-issues since 2012
- - Event discounts and early-bird signups
- - Gain insight from top achievers in the app store
- - Learn what tools to use, what SDK's to use, and more
Subscribe here
