Secure IoT communications

Avoiding chatty APIs and plaintext data transfers

by Lukas Knuth
1 minute read

Very few IoT devices aren’t connected to the cloud or a mobile app. On the contrary, these connections are usually part of the product. That’s why security concerns should extend to these companion systems as well.

Security begins with the communication between these systems. Here, strong industry standard encryption mechanisms and protocols should be used. But they’re just tools. The real asset is a concrete understanding of how these tools are to be utilized correctly.

The next important link in the chain is a secure cloud backend. The challenges faced here are very different but just as important, because successfully attacking a cloud-application can compromise every device or user that communicates with it. Today, information is power and stealing information is a booming business. In this world, a carelessly implemented API endpoint that leaks customer data is a serious threat. Once found, draining these leaks can be automated. Aside from legal consequences, this can seriously damage a company’s reputation.

It’s commonly accepted that security by obscurity or secrecy can not work. Hoping a system might seem too complicated at first glance to discourage any attacker is futile. This is usually paired with a misunderstanding of how secure the code of an application is, once it’s downloaded onto a user device. Apps are deployed into hostile territory; no secrets are safe. Tools for Decompilation and Deobfuscation are available freely on the internet. 

Last but not least, be aware of accidentally leaking meta-data about your user’s habits. For example, it’s easily conceivable that a device which controls the light in a user’s home could make a network request every time the light is switched on or off. Recording this meta-information over long periods of time can paint a very clear picture of a user’s daily routine.

As a bit of advice:

You have questions or need our help with a project? Drop us a line!

more insights