Overcoming IoT security threats to achieve better ROI
|Richard Harris in IoT Monday, January 8, 2018|
How security concerned businesses are overcoming IoT vulnerabilities to achieve increased returns.
The key to ensuring an organization’s IoT investments are not short-lived will be the adoption of an underlying infrastructure that is designed to boost revenue streams and customer retention out over the long term. Some businesses are turning to white-labeled app stores that are custom-built for IoT to increase their ROI and establish long-term revenue streams. For example, network and security scanning company Fing built its new network security device, Fingbox, with the understanding that being able to offer new functionality could enhance the product further down the line, without requiring users to buy new hardware, bringing new revenue opportunities beyond the initial device sale.
We spoke with Carlo Medas, Co-founder and R&D Architect at Fing about connected device security and how manufacturers can overcome the barriers of IoT device development to drive new revenue opportunities with IoT post-sale:
ADM: What are some of the security threats and vulnerabilities associated with the increased number of connected devices in consumer’s homes?
Medas: From smart home thermostats to connected refrigerators, consumers are eager to take advantage of the growing number of IoT-enabled devices to make their homes and day-to-day lives smarter. Recognizing this, manufacturers, developers, and engineers have also been quick to jump on the connected devices bandwagon. However, in their rush to cash in on IoT, many have put thinking about best practices for long-term connected device security on the backburner, placing the burden of security at the doors of unsuspecting consumers. Without the proper security precautions, every connected device running on a home network is at risk of unpatched vulnerabilities and security flaws, leaving IoT devices wide-open to botnets, hackers and cyberattacks.
Many homeowners also don’t really understand their network and IoT security. There’s also a lack of available tools that are easy to use and install. There are many network solutions for enterprises, yet the home market is still underserved. This is why homes need easy to use and affordable solutions for home network security.
Another big threat brought about by the increase in connected devices is opened ports on devices and the prevalence of default or unchangeable passwords. If a device uses a stock password such as ‘12345,’ ‘password’ or some derivative of the device name like ‘Thermostat-A596,’, it’s very susceptible to a brute force attack as hackers simply use automated scripts to input thousands of simple combinations of letters and numbers until they gain access.
Devices can also put consumer homes at risk of cyberattack when their manufacturers don’t develop and distribute timely fixes for known vulnerabilities, or fail to take the action necessary to ensure those fixes are installed. Many developers have fallen into the trap of building devices, putting them on the market and ignoring them once they hit the shelves, leaving millions of potentially unpatched devices with known vulnerabilities just waiting to be hacked.
ADM: Tell me about Fingbox. How can consumers benefit from deploying it?
Medas: We launched Fingbox to give increasingly security-conscious consumers with lots of devices on their networks an easy-to-use, affordable network security and troubleshooting toolkit so they can take back control of their entire network. The device raised almost 1.7 million USD on Indiegogo and over 30,000 units have shipped to homes.
Fingbox offers homes first of its kind features for home networks including: Internet & Cyber Security, Remote Monitoring & Alerts, Internet Security Checks, Device Blocking & Internet Pause Scheduling as well as a range of troubleshooting features like Internet and WiFi Speed Tests and Bandwidth Analysis.
Fingbox is powered by Ubuntu Core, the Linux operating system tuned for IoT devices, which enables us to push upgrades remotely with snaps, the universal Linux packaging format, ensuring that customers no longer need to worry about updating their devices manually.
The flexibility and scalability enabled by Ubuntu Core has allowed us to take Fingbox from ideation to fundraising to production and distribution of Fingbox.
ADM: What are some common challenges in IoT device development?
Medas: With the rise of IoT devices, interoperability is always a big issue because devices don’t necessarily play nice with another or speak the same language. This is why we’re continuously improving our underlying device recognition technology through machine learning so it’s able to recognize more devices faster and more accurately.
Developing the right desired features is also an important part of building an IoT device. Each user has a different set of varying devices and list of desired features. To develop the right features, manufacturers should constantly request feedback through surveys and gather usage stats through in-app analytics to understand what features are desired and used most. The most important thing is to be customer centric, and keep your users needs at the center of your product’s feature roadmap.
A consistent approach to device security is also a challenge. In the consumer market, to improve profitability it is often the case that security features are a fatality of cutting costs. Ultimately IoT devices themselves must be acknowledged as the most critical point at which security should be considered.
ADM: Why is it essential that manufacturers prioritize building future-proofed IoT devices?
Medas: Many IoT devices are connected and then forgotten about, sitting in consumers’ homes for years. But, hackproof devices do not exist: there are only devices with undiscovered vulnerabilities, and when those flaws are found, developers must work quickly to patch them and prevent attacks.
When building or deploying any IoT device, manufacturers need to consider how existing connected devices can be built to be future-proofed to extend the lifecycle of individual products and capitalize on the ability to improve functionality over time with remote upgrading, without requiring customers to purchase new hardware.
ADM: What are some ways IoT consumer devices can be future-proofed?
Medas: We built Fingbox to be future-proofed with the help of Ubuntu Core, which enables automatic upgrades to the latest software version, ensuring that end users can receive the latest security and functionality updates consistently and seamlessly. Plus, if an upgrade can’t be completed, the device automatically rolls back to the last working software version, which guarantees it is always operating.
ADM: How can manufactures build a business beyond hardware?
Medas: This is something every manufacturer needs to be prioritizing. Through the development of apps and app stores, manufacturers can generate new revenue streams beyond initial hardware sales. For example, through Fing’s adoption of the brand store offering from Canonical, the company behind Ubuntu, we’re positioned to further monetize our device through new features, enhancements and product add-ons.
About Carlos Medas
Carlo is R&D architect of Fingbox backend and Fing embedded software, where he balances the use of proprietary native C++ software with Big-Data Apache ecosystem technologies (Hadoop, YARN, Kafka, Spark, Flink, Storm, Zookeeper). Fing was born from Look@LAN, which was a free network management and monitoring software Carlo published on the internet in 2002 for his Bachelor Dissertation titled “Look@LAN - monitoring IP nodes.”
Prior to Fing, Carlo spent 13 years at Anritsu, where he held several leadership positions. Over the last two years Carlo held the position of Big-Data and Analytics Program Manager and Architect, where he gave birth to eoMind, Anritsu’s real-time analytics platform. Carlo also holds a Bachelor of Science in Computer Science from the University of Cagliari and has completed many professional courses to enrich his skill-set ranging from Modern Data Visualizations and Story Telling, Emotional Intelligence, Agile Programming, Agile Project Management and more.
Are you paying more taxes than you have to as a developer or freelancer? The IRS is certainly not going to tell you about a deduction you failed to take, and your accountant is not likely to take the time to ask you about every deduction you’re entitled to. As former IRS Commissioner Mark Everson admitted, “If you don’t claim it, you don’t get it.
Get hands-on experience in performing simple to complex mobile forensics techniques Retrieve and analyze data stored not only on mobile devices but also through the cloud and other connected mediums A practical guide to leveraging the power of mobile forensics on popular mobile platforms with lots of tips, tricks, and caveats.
The Chirp GPS app is a top-ranked location sharing app available for Apple and Android that is super easy to use, and most of all, it's reliable.
Write and run code every step of the way, using Android Studio to create apps that integrate with other apps, download and display pictures from the web, play sounds, and more. Each chapter and app has been designed and tested to provide the knowledge and experience you need to get started in Android development.