The advent of IoT devices in the connected home has provided increased convenience to consumers. However, it also leaves consumers vulnerable to cyber-attacks on account of poor or substandard security and design practices from ODMs designing IoT products for the connected home.
GainSpan takes pride in providing a comprehensive set of security tools for our customers. These include industry-standard encryption protocols such as TLS 1.2 for end-to-end security of data transmission, and over-the-air security using Wi-Fi Protected Access (WPA2). We also support a comprehensive suite of EAP/PEAP methods for Enterprise networks that provides banking-level security.
We offer a number of Application Development Kits (reference designs) for easy development of certain features such as video cameras, music streaming, provisioning IoT devices on the home network, etc. All these reference designs are intended to be used by the ODMs as a starting point to minimize their development effort and provide a fast time to market. ODMs typically make changes to these reference designs to adapt to their specific use case.
Security is a major concern in applications where the IoT device is physically accessible to a malicious party, e.g. doorbells, security cameras, thermostats, etc. GainSpan recommends that ODMs designing such applications make use of the security measures provided by GainSpan. These include:
- Not using open networks while provisioning. GainSpan recommends that customers secure the Limited AP network created for provisioning with WPA2, using a per-device unique passphrase
- Not sending network credentials in clear text. This is highly discouraged as it easily gives network access to malicious parties
- Erasing all the customer credentials and information while resetting the IoT device to factory default settings
- Using industry-standard TLS 1.2 encryption for transmission of all data from the IoT device to the cloud and/or mobile devices. This prevents malicious parties from decrypting the data even if they are able to eavesdrop on the transmission
- Updating the encryption keys periodically so as to prevent the risk of keys being accessed by malicious parties
- Using digital certificates for verifying the server’s authenticity before performing firmware updates. This ensures that your IoT device is being updated by the intended server
The security measures highlighted above are available to all of GainSpan’s customers. We recommend that ODMs use all or most of these security measures that are applicable for their IoT end product.
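One way to meet the first recommendation, a per-device unique WPA2 passphrase for the provisioning Limited AP, is sketched below as an added example (not GainSpan code). It contrasts a passphrase derived from the device MAC address, which is unique but computable by anyone who sees that address over the air, with one drawn from a CSPRNG at manufacturing time; the function names, alphabet, 20-character length and sample MAC addresses are assumptions.

```python
import hashlib
import secrets
import string

# WPA2-PSK passphrases are 8 to 63 printable ASCII characters.
WPA2_MIN, WPA2_MAX = 8, 63
# Assumption: the passphrase is printed on a device label, so look-alike
# characters are dropped. 32 symbols give 5 bits of entropy per character.
ALPHABET = "".join(c for c in string.ascii_uppercase + string.digits if c not in "O0I1")

def weak_passphrase_from_mac(mac: str) -> str:
    """Anti-pattern: unique per device, but recomputable from the broadcast MAC."""
    return hashlib.sha256(mac.lower().encode()).hexdigest()[:12]

def random_passphrase(length: int = 20) -> str:
    """Passphrase from the OS CSPRNG, independent of any device identifier."""
    if not WPA2_MIN <= length <= WPA2_MAX:
        raise ValueError("WPA2 passphrase must be 8..63 characters")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def provision_batch(macs):
    """Assign one passphrase per device; reject duplicate devices and passphrases."""
    table, seen = {}, set()
    for mac in macs:
        key = mac.lower()
        if key in table:
            raise ValueError(f"duplicate device {mac}")
        pw = random_passphrase()
        while pw in seen:  # collision is extremely unlikely; uniqueness is still enforced
            pw = random_passphrase()
        seen.add(pw)
        table[key] = pw
    return table

if __name__ == "__main__":
    # Constructed sample MAC addresses (locally administered range).
    macs = ["02:00:00:00:00:01", "02:00:00:00:00:02"]
    for mac, pw in provision_batch(macs).items():
        print(mac, pw)
    # Anyone who observes the MAC can reproduce the weak passphrase:
    print(weak_passphrase_from_mac(macs[0]))
```

The generated table would be written to each device and its label at manufacturing time; the passphrase itself must never be recoverable from anything the device transmits before authentication.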