December 1, 2016
While internet providers play a role in securing the Internet of Things (IoT), manufacturers hold the primary responsibility in this area. Over the years, the folks who manufacture video game consoles have learned some pretty hard lessons about security vulnerabilities. As a result, your Playstation 4 just might be one of the more robustly secure, connected devices in your home.
Because IoT is such a comparably newer technology, they haven’t had the chance to learn from painful experiences the way that gaming manufacturers have. Although, that is becoming less and less true as stories begin to surface about hackers gaining control of IoT devices.
If IoT manufacturers want to improve security, here are 7 lessons they can learn from the gaming industry:
Secure The Boot Process From Hackers
Every hacker knows that once you break into the boot process, you can pretty much control everything. Video game manufacturers know this and use security keys to validate the boot process every step of the way. IoT manufacturers need to do the same thing in order to ensure that hackers cannot gain control that easy.
Run Online Piracy Checks
Software that is improperly licensed or that has been ‘jailbroken’ can cause significant security risks. This is why game makers often run over the air piracy checks. These checks ensure that no unauthorized software has been installed, and that no updates have been made by anyone who is not authorized to do so. If anything is found to be out of the norm, the affected system can be cut off. This ensures that nothing malicious can be sent back to the vendor’s systems or to other devices.
Use Trusted Platform Modules
This micro-controller is built directly into the IoT device’s computer system. It uses crypto-keys to validate communications between the device and the vendor. By including this feature, manufacturers make it easier to build in security checks that further protect the device and the information being communicated back and forth
Use Hypervisor as a Security Layer
A hypervisor is an operating system that acts as a buffer between the hardware and the virtual operating system. Essentially, it is an extra layer of security. Let’s say that a hacker manages to hijack the version of Windows Virtual Machine that is running over a smart security monitor. The presence of the hypervisor prevents them from accessing the actual hardware itself as it now does with the latest gaming monitors.
Encrypt to Secure Memory And Storage
Memory is typically used to store information that is often valuable to hackers. In the gaming industry, one very common way for hackers to exploit this is to use the information to gain extra lives or access levels they have not purchased or earned access to. Game makers have done a pretty good job of tightening these loopholes by using encryption. By doing the same thing, manufacturers of IoT devices can protect unauthorized access as well.
Add Signatures to Firmware Updates
By adding a specific security module to the processor, IoT makers can embed a manufacturer’s key and protect that key. Then, any software that is installed or updated must contain a matching key. What this accomplishes is it stop hackers from installing malware that has been disguised as firmware updates. Basically, if they don’t have the key, the update isn’t installed.
Patch Security Holes With Over The Air Updates
The software industry has done a lot to automate the update process. In fact, it does so while requiring no human intervention by using automated tools. What this does is ensure that security updates are able to plug any vulnerabilities automatically. By adopting this same policy, IoT manufacturers can get security patches out to their devices without waiting for consumers to initiate or even okay the update.
According to ZDnet, it can take a hacker only minutes to access an IoT device. That’s pretty frightening considering that these devices can provide intruders with access to some of the most vulnerable places in our homes. Hopefully, the IOT industry will follow in the footsteps of the gaming industry to build in as much security as possible.
Did you like this article?
Get more delivered to your inbox just like it!