Physical security in IoT

What matters, what doesn't?

by Lukas Knuth

No amount of proprietary screws or complicated locking mechanisms will reliably keep your device's internals safe. As with apps, devices are deployed into hostile territory, and no secrets are safe on the device.

An alarming number of devices on the market today ignore this fact and use default users and/or passwords, which are often shared among all devices in a product line. Once these credentials are discovered, they become freely available on the internet. Using default credentials circumvents an integral security aspect of these systems, which inevitably leads to less secure devices.

Leftover serial connectors or debug headers on the production hardware make it simple to access any software running on the device. Sometimes, these interfaces can even be used to gain full control over the hardware, to the point where it could run entirely different software. This can open even the most fenced-off device to a very thorough examination, underlining once again that security is not where you should cut costs.

A brief checklist:
