Blog post -

The Hacked Jeep is not alone

As I wrote about in the blog post “Demystifying Security and Identities for Internet of Things” it is essential to implement security by design. The recent article in Wired shows how the threat is real and even though causing accidents might not be the prime target it points out that we need to take what we have learnt when opening up systems and API to the IoT world and not just care about remote access to IoT, its also about how different objects in the near perimeter act and are authorized to act.

The Chrysler example is just one of many and I’m sure we will see a lot more in the future and attacks and vulnerabilities that can have a major effect on financial systems and national security.

What the article also points out is the area of Life Cycle Management, IoT needs to have Life Cycle Management and be have the capability of updating the security technology and policies in place at the device. In the Chrysler case it has issued a recall of 1.4 million vehicles to address the issue.

Just as a reminder, 5 steps to help you address IoT security

  1. Activation of Objects
  2. Provisioning of Identities to Objects
  3. Authentication of Objects and Authorization of the Access
  4. Secure Transport of Data from and to and object and Security of Data at Rest on the Object
  5. De-activation of Objects including revocation of identities, clean-up of data and reset of the object

/Per Hägerö

CTO

Related links

Topics

  • Data, Telecom, IT

Categories

  • technology nexus

Regions

  • England

Contacts

Related content

  • The IETF #93 meeting is wrapping up and it was a great week

     An very intensive Internet Engineering Task Force (IETF) week in Prague is just winding down. It’s been a great week in warm and welcoming Prague. IETF works on the specifications that together form the Internet and IETF attendees meets three times a year to try to make the internet, slowly but consistently, a better place. The gathering consists of quick presentations and long discussions in

  • Mobile app authentication by using Hybrid Access Gateway

    Traditionally authentication in mobile apps is not much different from authentication in web applications. However there are some key differences in mobile apps
    The UI is not build up on the server side so any changes to the UI (e.g. new authentication methods) requires new version of the application to be deployed. These kinds of things take time and focus from the actual app development. For