Today let’s talk about IOT and the top vulnerability according to OWASP top 10: Hardcoded passwords. With the rush to market, many IoT manufacturers are hard-coding passwords for IoT Devices to communicate with their command-and-control servers. The problem with this is that if a hacker guesses the password the hacker gets access to your whole fleet.
IoT attacks gained popularity after 2016 when the Mirai botnet DDoS attack brought down the US internet for a few hours. Since then, the attacks on IoT have grown in popularity and frequency growing to 1.51 billion IoT breaches in the first half of 2021.
While these attacks started to control many internet connected devices, with IoT taking a bigger role on everyone’s life these attacks are becoming scarier. From hackers being able to see security cameras to pacemakers being hacked and more. These attacks highlight the need for IoT device manufacturers to make cybersecurity a top concern when designing and implementing these solutions.
To help organizations secure their IoT devices, cloud providers have created IoT management systems that help companies create more secure and scalable IoT solutions. While these systems offer secure options such as password-less authentication using X509 certificates, this is not the default authentication creating further roadblocks for developers, not only the lack of documentation on certificate authentication but also developers are still required to create and maintain additional infrastructure such as the Certificate Authorities issuing the certificates.
At Keytos we are committed to making the secure way easier and cheaper to implement than the unsecure way. To help companies understand the best practices on creating certificates and embedding them into IoT devices, we have published IoT Identity best practices where we do a detail deep dive on the best practices for creating and managing IoT device identities.
While best practices and documentation do make the work easier, we wanted to go further. Today we are announcing our one click integration with Azure IoT Hub, where with one click you can set the trust between your EZCA Certificate Authority and Azure IoT Hub. This will take care of all the security setup and your developers can go back to doing what they do best: Creating amazing IoT solutions. Schedule a meeting with one of our security experts for a free IoT security consultation.