“It takes 20 years to build a reputation and a few minutes of cyber-incident to ruin it.” - Stéphane Nappo. This blog post explains the critical points of securing IoT devices remotely.
Time to read:
And Stéphane is 100% correct. To make matters worse, it may not even take minutes to launch a cyber attack into an unprotected end-device or a server nowadays. With the recent boom in the IoT industry, the number of devices that are vulnerable to cyber attacks are increasing exponentially, every day. One of the most vulnerable types of devices are the small scale edge IoT devices that run some sort of an operating system such as embedded Linux.
Generally, it is believed that Linux is one of the most secure operating systems that are difficult to gain access to; provided that the endpoints are sufficiently secured and all the loose ends are tied. However, when it comes to IoT edge devices that run on Linux, this may not be the case at all times. Therefore, in this post, we’ll be discussing why securing Linux IoT devices is one of the major important tasks in developing, deploying and maintaining IoT products.
Linux operating system has found its way into almost every IoT device nowadays; from smart washing machines to self-driven automobiles. However, the operating system, just like any other, is far from perfection. Attackers are constantly trying to find backdoors and vulnerabilities of the operating systems to exploit them and cause all kinds of mishaps.
There has been a number of incidents that have involved hacking into embedded IoT systems; one of the most popular being a demonstration of the hacking of a building control system by the team Red Balloon Security . They have demonstrated how easy it can be to hack into the system and make a fan overheat, causing a fire hazard. Red Balloon has also demonstrated hacking into a Cisco telephone, providing easy access to listen to both parties’ conversation without even alerting them.
Also, it’s worth mentioning that not only Linux, MAC OS or Microsoft Windows devices are susceptible to attacks; but also any type of smart IoT device that has some form of communication medium which can be used to gain access to the system.
Just like a computer or a laptop, enforcing the security of an embedded device running Linux or a derived operating system starts with a good, strong password. After doing so, you may follow the below steps to further secure your IoT devices.
Using a more sophisticated, hard-to-break SSH key pair to establish communications with your Linux IoT edge device can greatly increase the security of the device.
Keeping your system and its software packages up-to-date can greatly improve the security of your Linux devices. These updates may consist of not only new features, but also bug fixes and security patches for any vulnerabilities the current version may have.
Except for the ports that are in use, you can add firewall rules to force block the unused ports, thus protecting your Linux devices from port scanning bots lurking out in the world wide web.
At Upswift, we offer you an all-in-one solution for managing, controlling and monitoring your Linux edge devices. Along with it, we offer you a set of security features that you can use to secure your Linux IoT devices remotely such as a CVE (Common Vulnerability Exposures) analysis tool and an Authentication monitoring tool as well. While these are passive security features, a set of active security features are also currently under development and will soon be available to the general public.