We have more and more devices than what is known as the Internet of Things in our homes. They are televisions with access to the network, video players, smart light bulbs, smoke detectors … Anything that we have connected, basically. But of course, the main problem is the security and is that many of these devices have vulnerabilities. Will the appliances we have at home be safer? We are going to talk about this in this article.
IoT devices, a security problem
We have seen many cases in which a hacker takes advantage of a security camera, a smart plug or any device that has a security flaw. This allows you enter the network and to be able to reach other devices and thus take control.
But what are the main problems? Many of them come from the factory with vulnerabilities. For example, not allowing a password or having to keep the default one. Also known bugs that do not have patches to correct them. All this causes them to be exposed on the net.
This seems to be changing soon. A report by Orange, which they called IoT SAFE, has shown that collaboration between network providers and IoT device manufacturers is essential. This can enhance safety and reduce the risk of problems.
The main idea, what they consider key in all this, is use a SIM card as a keystore and store strong passwords there and be able to manage them. This means that we will not have to share our keys with a manufacturer we do not trust.
With IoT SAFE they intend to cover a large number of cryptographic services directly with the SIM card. The fact of using this type of card is because the SIM is very well protected against physical attacks. In addition, they are standardized and many IoT devices have support for this type of card.
How they will improve security
They have made an example and have called it Zero Touch Provisioning. It consists of the network operator remotely installing IoT SAFE when the user turns on the device. Later, it tells the applet to create a key pair, which would be a private key to be stored safely on the SIM card, and a public key pair that is sent to the server.
This server is responsible for generating a new client certificate and sends it back to the applet. The IoT device, after this, establishes a secure connection to the cloud through a TLS session. Also, in case there are suspicions that the device has been compromised, the credentials are removed remotely.
But beyond this, it is also possible use IoT SAFE to store critical user data on the SIM card or authenticate the software before starting it to prevent malicious code from running.
Ultimately, the objective of the IoT SAFE initiative is to make Internet of Things devices more secure. Without a doubt, it is something that should improve for next year and that it will not be a real problem for home users who have these devices. For now you can see tips to install IoT equipment safely.