DEV Community

hIOTron
hIOTron

Posted on

Four Easiest Ways to Build a Secure IoT Device

Day by day many Internet-connected devices have found their way into our homes and businesses hence it is necessary to keep in mind that they also present a security risk. The Internet of Things (IoT) is developing rapidly and in the race for convenience, privacy and safety are often a second thought. There are 5.5 million new things getting attached every day in 2016, as we move toward more than 20 billion by 2020, as per Gartner.

Assuring Industry security in the face of this trend should be the biggest concern for businesses. Developing an Internet of Things (IoT) product that is secure and feasible today and to the future, will takes time and expertise. Here are a few easy ways by which IoT products can be made more secure.

Choose good passwords and a distinct password for every device:

It is essential to select strong passwords, but also make sure that you select a completely different password for every device. Reusing a password is not a good practice so you can use a password manager to maintain track of all your passwords. Most of the automated IoT devices available out there were unsafe because they had hard-coded, default passwords. They had a well-known admin password allocated for telnet access or a web dashboard and when they were actually changeable, users or installers wouldn’t know sufficient information to modify them.

This left huge devices out on the web that anyone could log into if they had advance knowledge of the default passwords. And hence such practices could lead to the formation of one the largest botnets ever constructed known as a Mirai, which led to one of the biggest Denial of Service (DoS) attacks the internet has ever spotted. With this perspective, every device comes out of the factory with various login credentials and if you don’t have a physical approach to the devices, you can’t know the default.

Close all the Ports and turn off Universal Plug and Play

Unfortunately, the UPnP can make routers, cameras and other devices at risk of attack. It is outlined to make it simpler to network devices without configuration by supporting them automatically find each other. The main concern is that hackers can also possibly recognize them from beyond your local network due to susceptibility to the UPnP protocol.

Hence it is better to turn it off completely. Many IoT devices utilized in IoT botnets had open telnet ports. This uncertain service enabled the manufacturers to remotely log in to these devices for support, maintenance or to make the modification to the fundamental operating system. It’s better to observe outgoing TCP/IP connections to trusted hosts. This would have prevented the network from as it utilized open telnet and SSH ports to infect its hosts.

Make sure you have the latest firmware

If you want to make assure that you have the updated current security patches and will minimize the chances of a successful attack, then you will require maintaining your firmware completely updated. Risks and exploits will be confirmed as they evolve, so your IoT devices (https://www.hiotron.com/) and your router require to be daily updated. You can check for this by automate the system wherever is possible or set a schedule to check for the latest updates every three months.

Construct Secure Web Applications

There are a huge number of IoT devices that have a web server built-in. This generates the device a substantial standalone platform: With the help of the IP address of printer or security camera and the user can easily handle the device or view its status from any browser without a requirement of manufacturers to supply ongoing cloud services.

Let’s see one of the examples related to this. In March 2017, Dahua which is a large manufacturer of security cameras and digital video recorders (DVRs) equipped a security patch for various devices to solve a concern with the embedded web server on their devices.

The concern empowered a hacker to utilize a carefully designed URL to take off all the usernames and passwords for the device. These risks essentially opened up the functionality of each device to anyone attached to the internet. With keeping the following things in mind, it is important to have a system in place to make quick updates to web apps when it’s needed.

It is essential to give proper attention during the development phase by which IoT devices can be made to consider and receive software updates so that future issues or bugs can be effectively patched and devices are maintained over their full lifecycle.

IoT Training (https://www.hiotron.com/iot-training/) will help you to give a complete view of IoT Concepts.

Top comments (0)