Cellular connectivity is a great way to connect your devices to an application in the cloud. The device works right away at the customer site without any additional network hardware and securely connects anywhere in the world. What’s more, including connectivity in your service offering also provides an additional customer-perceived value to your service delivery.
The previous blog post in this security series explained which cellular security features exist to prevent common IoT device malware attacks. This post will concentrate on the attacks that require physical access to the device. One concern most IoT solution manufacturers have relates to the SIM card – and the risk that it is taken out of a device and misused by free riders to get unlimited cellular internet.
Forum Blog post
As explained in emnify’s IoT device security guide, there are four security features that prevent SIM card misuse.
1. Soldering SIM on the device - embedded SIMs
One way to prevent SIM card misuse is by using embedded SIMs (MFF2). The SIM cards are soldered on the device and will break when removed. Additionally, embedded SIMs also have other desirable characteristics like vibration and shock resistance which is especially relevant for mobile IoT use cases.
2. IMEI lock
The IMEI is the unique device identity number. By activating the IMEI lock feature, a SIM card will only function in the device it is assigned to. Best practice is to automatically lock the SIM card to the first device it connects to the network from, during the manufacturing process or at the customer site. In the event the SIM card is put into a different device, it will be unable to connect to the network.
3. Cellular Firewall
A cellular firewall can prevent an attacker from misusing the IoT device itself for unwanted services. The firewall limits the IoT device’s communication to a set of whitelisted IP addresses – meaning a device can, for example, only communicate with the IoT application and other services required for proper operation.
4. Service Limit
As a last resort, one can configure a service limit per device to prevent unwanted and unexpected network cost due to SIM misuse. A level of legitimate network traffic is set for each month. If someone tampers with the device, and creates excess traffic to the application, the device will be blocked from service until further action within the service portal.
SIM card misuse can be cause for concern for IoT solution providers. Especially when deploying devices at scale, robust security features should be ensured to prevent SIM cards being moved from one device to another without permission. By using embedded SIM cards, automatic IMEI locks, cellular firewalls and service limits, IoT solution providers can guarantee that there are no cost surprises at the end of the month. To find out more about what cellular IoT best practices to consider for your business, download our new whitepaper