Webinar recap: 5 best practices for IoT device security

12.06.2020

The explosive growth of the IoT has dramatically increased the number of security vulnerabilities: over 70% of IoT devices are open to attack, and according to a Gartner report global IoT security spend is expected to reach $840 million by 2020.

In our recent webinar, Christian Henke, EMnify's Head of Product, discussed how your cellular connectivity provider can protect your IoT business from security breaches. Watch the recording and read about the top five best practices you should consider to guard your organization against IoT attacks.



1. Secure Remote Access

Mirai attack vector: remote access via a publicly reachable address

IoT devices in the field often need to deliver unplanned data, or service personnel need to log in to them. With Wi-Fi or cellular connectivity on a public IP address, anyone on the Internet can send packets to the device, which gives attackers a large attack surface (Mirai spread by scanning the Internet for exposed Telnet logins). With private static IP addresses and a VPN offered by the cellular provider, the enterprise's support team still gets remote access to the device, while the device has no publicly routable address: an attacker cannot reach it from the Internet and cannot use the remote access channel without first authenticating to the cellular connectivity provider's VPN.

2. Closing the Internet Gap

Attack vector: data transmission over the public Internet

The usual data flow within cellular networks is from the:

1. device to the antenna,
2. through the mobile core network nodes of the visited network,
3. through the home network of the SIM card,
4. over the public Internet to the application (e.g. residing on AWS, Azure or Google).

Segments 1-3 are usually protected by the mobile network itself (subscriber authentication and air-interface encryption, both keyed from the SIM credentials). Segment 4 is generally referred to as the internet gap: routing happens over the public Internet, so the data is exposed to interception and tampering unless it is protected by a tunnel or encrypted by the application itself.

Traditionally, operators close the gap with costly private APNs plus IPsec, establishing a private network between the device and the application. With EMnify's cellular cloud platform no private APN is needed to set up a VPN/IPsec tunnel, and customers whose application already runs in the cloud can use a secure intra-cloud connection instead.


3. Cellular Data Firewall

Mirai attack vector: an infected device is controlled by the attacker and used to attack a victim (illegitimate traffic destinations)

IoT malware such as Mirai takes control of IoT devices in order to attack a different victim with a Distributed Denial of Service (DDoS) attack. With a cellular data firewall the cellular connectivity provider blocks, inside the network, any traffic that is not related to the legitimate application. Without any change to the device software, the device can only talk to its cloud application, so an infected device can reach neither a DDoS target nor the attacker's command-and-control server, and the SIM becomes purpose-built for the specific IoT use case.
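To make the allow-list idea concrete, here is an added example (not EMnify's code and not its rule syntax) of a default-deny data firewall evaluated against a handful of constructed flows: the broker address 203.0.113.10:8883, the resolver 198.51.100.53, the victim and scan targets and the port numbers are all assumed test values.

```python
"""Cellular data firewall modelled as a default-deny allow-list.

Added example, not EMnify's own code or rule format. Addresses are from the
TEST-NET documentation ranges and the flows are constructed for illustration.
"""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    direction: str                   # "egress" (device -> network) or "ingress" (network -> device)
    proto: str                       # "tcp", "udp" or "any"
    network: ipaddress.IPv4Network   # remote side of the flow
    ports: frozenset                 # remote ports; empty means any port


@dataclass(frozen=True)
class Flow:
    direction: str
    proto: str
    remote_ip: str
    remote_port: int


def allowed(rules, flow):
    """Default deny: a flow passes only if some rule matches every attribute."""
    ip = ipaddress.ip_address(flow.remote_ip)
    for r in rules:
        if r.direction != flow.direction:
            continue
        if r.proto != "any" and r.proto != flow.proto:
            continue
        if ip not in r.network:
            continue
        if r.ports and flow.remote_port not in r.ports:
            continue
        return True
    return False


# Assumed policy for a fleet that only speaks MQTT over TLS to one broker and
# resolves names through the provider's resolver. No ingress rule exists at all.
POLICY = [
    Rule("egress", "tcp", ipaddress.ip_network("203.0.113.10/32"), frozenset({8883})),
    Rule("egress", "udp", ipaddress.ip_network("198.51.100.53/32"), frozenset({53})),
]

# Constructed flows: what a healthy device does versus what an infected one attempts.
SAMPLE_FLOWS = {
    "mqtt_to_broker": Flow("egress", "tcp", "203.0.113.10", 8883),
    "dns_lookup": Flow("egress", "udp", "198.51.100.53", 53),
    "ddos_to_victim": Flow("egress", "tcp", "192.0.2.77", 80),
    "c2_checkin": Flow("egress", "tcp", "192.0.2.9", 6667),     # port chosen arbitrarily
    "scan_other_device": Flow("egress", "tcp", "10.20.30.40", 23),
    "inbound_telnet": Flow("ingress", "tcp", "192.0.2.200", 23),
}


def evaluate(policy=POLICY, flows=SAMPLE_FLOWS):
    """Return {flow name: True if allowed, False if dropped} for inspection."""
    return {name: allowed(policy, f) for name, f in flows.items()}


if __name__ == "__main__":
    for name, verdict in evaluate().items():
        print(f"{name:20s} {'ALLOW' if verdict else 'DROP'}")
```

The point of the default-deny structure is that nothing about the device changes: the DDoS, command-and-control and lateral-scan flows are dropped because no rule names them, not because the firewall knows they are malicious.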

4. Voice and SMS Service Firewall

There have been several attacks on voice and SMS services in the past, such as Simjacker and International Revenue Share Fraud. Limiting or deactivating the voice and SMS capability, for example restricting it to internal communication only, makes devices more secure. Read more on the blog about voice and SMS attacks.

5. Connectivity Monitoring via Real-Time Datastreamer

Accurately measuring device data consumption and signaling patterns helps detect incidents caused by attackers, human error, or misconfigured devices. By correlating device, infrastructure, application, network, payload, and connectivity data, an IoT solution can be hardened even against security holes that are not yet known.
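As an added example (not EMnify's Data Streamer or its API), the following script applies per-SIM baselining to constructed daily usage records and flags the three patterns the paragraph describes: a data spike typical of a compromised device, session churn typical of a misconfigured one, and a device that has gone silent. The record layout, thresholds and sample values are assumptions.

```python
"""Per-SIM anomaly detection over daily usage and signaling counters.

Added example, not EMnify's own monitoring code. Each record is
(bytes transferred, data sessions opened) for one SIM on one day; the
baseline days and the thresholds below are constructed for illustration.
"""
from statistics import mean, pstdev

# Constructed baseline: six normal days per SIM.
BASELINE = {
    "sim-A": [(1_000_000, 10), (1_100_000, 10), (1_050_000, 9), (1_200_000, 11), (1_000_000, 10), (1_150_000, 10)],
    "sim-B": [(1_000_000, 10), (1_100_000, 10), (1_050_000, 9), (1_200_000, 11), (1_000_000, 10), (1_150_000, 10)],
    "sim-C": [(900_000, 10), (950_000, 10), (900_000, 10), (1_000_000, 10), (900_000, 11), (950_000, 9)],
    "sim-D": [(800_000, 8), (850_000, 8), (800_000, 9), (900_000, 8), (800_000, 8), (850_000, 8)],
}

# Constructed "today": A is healthy, B pushes 50 MB (DDoS or exfiltration),
# C reconnects 400 times (misconfigured firmware), D sends nothing at all.
TODAY = {
    "sim-A": (1_100_000, 11),
    "sim-B": (50_000_000, 12),
    "sim-C": (900_000, 400),
    "sim-D": (0, 0),
}


def baseline_stats(history):
    """Mean and population stdev of bytes, plus mean session count, over the baseline days."""
    byte_hist = [b for b, _ in history]
    sess_hist = [s for _, s in history]
    return {
        "bytes_mean": mean(byte_hist),
        "bytes_sd": pstdev(byte_hist),
        "sess_mean": mean(sess_hist),
    }


def classify(history, today, min_days=3):
    """Return the list of alert labels for one SIM (empty list means normal)."""
    if len(history) < min_days:
        return ["insufficient_baseline"]   # do not alert on a SIM we know nothing about
    st = baseline_stats(history)
    b, s = today
    alerts = []
    if st["bytes_mean"] > 0 and b == 0:
        alerts.append("silent")            # device down, SIM removed, or connectivity blocked
    elif b > st["bytes_mean"] + 3 * st["bytes_sd"] and b > 2 * st["bytes_mean"]:
        # both a statistical and an absolute bound, so a very flat baseline
        # (tiny stdev) cannot turn ordinary jitter into a spike
        alerts.append("data_spike")
    if s > 3 * st["sess_mean"] and s >= 20:
        alerts.append("session_churn")     # reconnect loop: signaling load without payload growth
    return alerts


def detect(baseline=BASELINE, today=TODAY):
    """Run classify() for every SIM and return {sim: [alerts]}."""
    return {sim: classify(baseline[sim], today[sim]) for sim in today}


if __name__ == "__main__":
    for sim, alerts in detect().items():
        print(f"{sim}: {', '.join(alerts) if alerts else 'ok'}")
```

Session churn is worth tracking separately from volume: a device stuck in an attach/detach loop may move very little payload while still loading the network and running up signaling costs, which a bytes-only threshold would never see.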

Summary: cellular security benefits

  • Cellular is a separate network (the Stuxnet lesson)
    Other devices on the same private LAN or Wi-Fi network as an IoT device may be compromised and give an attacker a foothold in the private network. With cellular connectivity the device is completely separated from the on-premise network.
  • Prevents Mirai attacks
    Using cellular remote access, the cellular firewall and the closing of the internet gap, enterprises ensure that a Mirai-style attack has no entry point and that an infected device cannot launch an attack.
  • Own private network between all devices and applications
    With internet-gap-closing functionality such as cloud connect or VPN/IPsec, data transmission between the device and the application is encrypted and secured.

  • Central monitoring for anomaly detection
    Cellular connectivity management platforms that deliver real-time network, usage and user events provide central monitoring for anomalies caused by human error or by a security vulnerability.