Securing the future of IoT
Whether you know it or not, we are surrounded by the Internet of Things (IoT). In this article Tom Canning, VP of IoT Devices at Canonical, explores how we navigate through an invisible IoT network, surrounded by device to device communications as different devices and objects trade commands and exchange our data with one another.
This is the era of smart devices. Smart homes where everything can be controlled by the touch of a button, connected cars that can detect potential hazardous road conditions and communicate with each other, and the ever-growing marvel that is robotics that are automating once static devices.
In the case of smart homes all this connectivity makes our lives easier and ultimately more efficient. Our homes can become aware to our personal preferences, gas and electric bills can be reduced due to increased efficiency and the precious environment is all the more greener as a result. But this explosion of connectivity is also unmatched in its risk.
Smart does not inherently mean secure, and with the millions of devices privilege to our personal information and data, the prospect of hackers infiltrating the intricate web of connectivity in our homes presents a serious threat to security and the well being of our households and families.
This is why IoT device manufacturers must build with a ‘security by design’ mindset and this begins by selecting a robust operating system that is both secure and ready for future market demands. Devices need to not just protect but future-proof home networks. As malicious actors are constantly evolving their activities, businesses must be flexible and proactive in their approach to security, shedding the old hardware centric view of IoT security.
Additionally, businesses risk missing out unless they differentiate on software defined features. Software maintenance must also increase to align to the lifespan of a hardware device in order to stay relevant in the world of IoT and usable to the end user.
Apps for IoT
The Internet of Things is the gateway to the future, but like any gateway, unless somebody or something is standing guard then anyone can walk in and tamper with your belongings. That’s why Fingbox, the IoT home networking security and troubleshooting device by Fing, armed their hardware with Canonical’s Ubuntu Core Linux based operating system to help it secure and protect tens of thousands of homes.
Ubuntu Core not only increases and enhances Fingbox’s hardware security but also provides the necessary future-proofing by providing all of its software components in a secure and modular packaging format called Snaps.
Snaps are containerised software packages easily managed through Snapcraft, a platform developers can use for building and publishing snap based applications. Snaps enables developers to push software updates that install automatically and roll back in the event of failure. The likelihood of an improper update breaking a device or degrading the end user experience as a result is greatly reduced.
If a security vulnerability is discovered in the code used by an application, the application publisher is notified so the Snap can be rebuilt quickly with the supplied fix and pushed out in a controlled and managed fashion In the case of smart home devices, rolling out a security patch seamlessly without disrupting people’s home life is a great advantage. As external threats are ever changing, and their degree and methods of attack vary, the modern home security network demands an agile and reliable solution that the home user can manage.
Snaps are just one example in an emerging trend in IoT that is shifting from the traditional attitude towards embedded devices as being hardware centric and a single fixed function purpose. In the past, once a device was deployed to the field, for example to help monitor performance and boost efficiency on a factory floor, there were minimal mechanisms to quickly deploy any feature updates or address any newly discovered security vulnerabilities. Hardware can no longer be static and vulnerable in the smart era of IoT and device manufacturers are starting to realise the need for multi-functional, software defined capabilities.
Ready for the future
There is now a keen focus on updating and extending the functionality of IoT devices similar to what we’ve all become accustomed to with the modern world of mobile devices and the smartphone. In this approach, companies can create and publish new applications and services via their own branded IoT app stores and extend device lifecycle as well as increase customer retention and revenues.
The app store approach also encourages the creation of licence models and revenue streams based on specific feature enablement and user behaviour. For example, Tesla can remotely configure their cars to enable self-driving capabilities in different models. Likewise, IoT devices can allow for mass customisation of devices based on specific customer needs, licensing and market demands for a device manufacturers brand specific offering.
Devices equipped with the ability to properly support revisions and updates of applications typically have lower support costs too. The fact that applications can automatically update to new operating system or application versions, means businesses can be assured that all their users are on the latest and supported version. Rollback features can also give hardware components such as webcams, security cameras, and other connected devices an added layer of security, in case the hardware is ever compromised through improper software distribution. The previous high profile exposures of security attacks such as Meltdown and Spectre show that unfortunately there is no magic bullet to security.
The damage and disruption an attack of this nature could do to our increasingly connected homes would be substantial. As people rely ever more on connected home devices, the downtime of our appliances, like the heating, water or refrigeration needs to be minimal. Therefore an attack response must be able to keep systems operational as they move through a stream of software updates to protect against any unwelcomed threats. It is no longer the case that you can write software once and expect it to be secure and bug free forever. Software will fail, it is how a quickly and comprehensively a business can respond to that failure that is key and a true business differentiator.
Secure the device now, secure your business for the future
Despite hardware security being crucial to home network security, companies are still not paying sufficient attention to securing their defences. Instead device manufacturers place the responsibility on the end-user to monitor the security and safety of their home networks. This is not sustainable in the smart era of IoT.
With the arrival of the IoT application approach, the security burden can be taken off the end-user and homeowners as well as businesses, can now trust a single piece of hardware as it silently stands guard, updating and remediating any security issues that might arise.
Modern IoT devices demand heightened security. As the world becomes more dependent on smart devices to operate critical pieces of infrastructure, whether that be in your home, your car or on the factory floor, device manufactures need to provide hardware not just for the issues of the day but the issues of tomorrow. Future proofing devices will become the standard for IoT security. It will also lead to the creation of new business models and additional revenue streams thanks to the extended lifecycle of devices.
If businesses can future-proof their devices, then they will future-proof their business for years to come.