Locking Down IoT Devices
Contents
Summary
After a device manufacturer realised their customers were connecting their IoT sensor directly to the internet, we helped them lock it down and secure it against remote attacks.
Client need
We worked with a customer building embedded systems products that require remote management, often over the Internet. The threats from the Internet could result in denial of service to the end customer, and reputational damage for the manufacturer.
What we did
Drawing on our experience in both systems security and embedded systems development, we enumerated and tested the relevant attack vectors, using industry standard tools and our own tooling. We revealed the softest attack paths, as well as identifying numerous hardening options to provide defence-in-depth – key when putting devices on the open Internet.
Client benefit
Our findings allowed them to understand the risks to their business from their current architecture and seek immediate stop-gap remediation to reduce some of these risks. This also helped them to understand the shortcomings of the current architecture and begin a programme of work to move to a design that provides them a competitive advantage in their market.
The project has now moved onto development – we’re helping them build a cloud portal to manage all deployed devices.
