The running joke is that the ‘S’ in IoT stands for security... because it's never there. But safety and security are things you will need to think about at every step of your design process. There are going to be billions of IoT devices online around the world, many of which will be connected to the internet, and almost all of them will be unmonitored.
A 2015 survey by authentication service provider Auth0 found that 85% of IoT developers admitted to being pressured to get a product to market before adequate security could be implemented. And if you are an engineer, you’re probably used to that pressure to get a product to market, where selling features often get more attention than security.
With more and more of these connected devices being rushed to market, they’ve become a lucrative target. The 2016 Mirai botnet attack used unsecured CCTV cameras that were connected to the internet to launch a crippling denial-of-service attack. That one wasn’t even using the cameras to spy on people. The malware was just using the TCP/IP stack of the embedded Linux device to send lots of junk traffic.
And we’re not even getting into the hacks that could really threaten human safety, like remote-controlled ovens or self-driving cars.
So while it might not seem like a big deal when you have an unsophisticated IoT device that has a temperature sensor and a modem, that device could be used as a launch point for a coordinated attack. And if you do have sensors like cameras or microphones, those could be remotely enabled and turned into listening devices.
Having security as a priority for your engineering and marketing team will not just help you sleep well at night. As we’ve seen with the European GDPR regulations, privacy and security are being legislated. Having poor security will now get you fined and banned in the marketplace. It’s nearly impossible to add security after the fact, so if you want to avoid a devastating recall, listen up and take security seriously.
Before we start looking at attack and defense mechanisms, let’s talk about why your hardware might get hacked. Knowing what people want to do with your hardware will give you a sense of the actors involved and their motivations.