Blogginlägg -
Internet of things (IoT) - interview with Blagoj Kupev
“There are an estimated 8 billion IoT devices on the market today. After 5G becomes available this number will skyrocket” – says Blagoj Kupev, Vice President of Embedded at Seavus. He will share his experience and expertise in implementing IoT devices at the breakfast-seminar on May 31st in Stockholm, with a special focus on safety and security.
This interview was born from curiosity to find out what it takes to have an IoT ready device in a world of information leaks and hacking attacks.
What are the main challenges of implementing an IoT device?
One of the biggest challenges is to create a device that is difficult to misuse and it will serve its primary function without a possibility to introduce a malicious functions into his “behavior”. If there are no existing protection mechanisms, some of the consequences may include information leaks, private information abuse or, in worst-case scenario, the device itself can be used to make material damage or casualties. For example, think of an IoT highway information sign that says the speed limit is 220 km/h while the road conditions are terrible – imagine the level of risk all vehicles will be put at.
So at what moment can we say that a device is IoT-ready?
Well, the definition says that an IoT device is ready the moment you are ready to connect it to internet following all telecommunication protocols for use of the network on which the device will be attached. This means its basic functionalities are operating as designed and communication protocols are in place, thus it can communicate a message the way we want it to be communicated.
However, before we say that a device is ready to be exposed to the internet ‘sharks’, we should make sure that it is safe and will not make any harm to the users or the neighboring systems.
Who has access to the device once it is implemented? Also, how high is the risk and what can be done to minimize it?
During the design and production process, only the team working on the device has access to it. However, once it gets connected to the internet – anyone with internet connection will be able to access the device, analyze its functionalities and attempt to exploit them.
As for the risks, there are several factors that can influence the level of risks an IoT device can have. Primarily, it depends on its popularity. No one would invest time, money or energy to hack a device that is used by only 2-3 ordinary people in the world. On the other hand, if millions of people use this device (like Alexa, for example) – having it hacked may cause tremendous damage to the users. The same goes for institutions that have only one such device which contains sensitive and confidential data, like government institutions, banks, power stations, army installations etc. They require the highest security level possible, thus having their systems hacked could causelarge-scale damage in form of information leakage or system’s misbehavior.
Minimizing the risks can be done in several ways. One of them is to make a thorough plan prior system implementation. This entails selecting proper system components and evaluating areas in which cost savings will not introduce significant risks. It is important to use high quality and already proven subsystems for building the device. There should also be an additional focus on implementing the IoT functionalities using worldwide proven good development methodologies. If there is a need to develop system that should have an excellent robustness, then strict focus should be set on using advanced development methodologies and procedures. Using strict coding standards will minimize implementation errors. Next, you will have to verify all implemented source codes and verify the systems as much as possible. Do not forget the side channel attacks for they may cause unforeseen problems if disregarded during the whole process.
More on this topic will be covered during our seminar talks where we will cover other areas apart from security and good development practices.
I suppose there is no hacker-resistant device regardless of our efforts to advance it. Are there any epic hacking scenarios in the course of IoT history?
All those information leaks we have witnessed have slowly turned into urban legends – everyone talks about them, but no one admits they have happened or that sensitive data has leaked. There have been several legends that stand as an example of how easily some sensitive information about military secrets, government information or corporate strategies could be leaked. One such example is the hacking of the Sony PlayStation credit card network in 2011 when hackers got access to 77 million users.
How big of an investment is the implementation of an IoT device?
That’s an interesting question. It mainly depends on the level of complexity of the device needs and level of potential risks mitigation. We have to take all criteria into consideration and according to them we can estimate how much the device will cost. Of course, at the end of the day we have to bear in mind the danger of having the device misbehaving and whether it is worth the investment at all. This is crucial for many types of devices, such as medical equipment or other devices on which people lives depend because we put their lives at risk if they get misused or not working properly. In contrast, if the device is an electric bulb at our home, then there will not be that much of a damage if it gets turned on or off by a hacker.
All in all, the investment may cost from tens of thousands to millions of euros – depending on the security and safety levels needed. I would like to add that it is very important to realize the challenges and risks of implementing an IoT device. Only then we could use its functionalities to the fullest.
Finally, what has been your greatest challenge at Seavus so far?
For me personally, it has always been thought-provoking to predict what may be the next attack on a device in order to be prepared when it happens. For that reason, what we constantly work on at Seavus is expanding our 15 years of experience during which we have learned the most subtle methods of attack that have helped us build a system that will combat. We also work on developing new defense mechanisms that will create a hacking-proof and safe device.
Security is the most important feature we pay attention toin all our embedded systems. We also provide fast end effective solutions to unforeseen bugs or weaknesses because hackers find more and more inventive methods to hack a device. We offer consulting but also end-solutions that will help our clients stay safe and use their IoT functionalities to the fullest. It is important to upgrade the software of the IoT device before a certain hacking method becomes popular so that it does not become one of its victims. It is a never-ending story: when the mouse gets smarter, you need to find a smarter cat that will outsmart it. That is the beauty of progress – it never ends.
