The security industry (intruder, fire, CCTV etc.) has a golden opportunity to show the IoT space exactly how to make connected devices safe - irrespective of communications technology used (fixed line internet or radio).
Here is an essential guide to determine whether you are buying into a safe system which will protect you in the long term.
The risk models for signalling devices
Every alarm transmission service provider makes a signalling device. Any signalling device goes through many stages of exposure to insecure environments, which can result in examination or tampering by a malicious third party throughout its lifetime:
- Shipment into manufacturers stock.
- Shipment to installation company.
- Shipment from installation company to end user.
- Maintenance visits from field engineers.
Make sure your provider has catered for all the Risk Models and is not relying on the intruder detection system and tamper enclosure to make the device safe.
Encryption key management
Protecting the method of encryption and the keys themselves is critical. There are three critical issues at play:
1. Exposure of the encryption key.
2. Whether the key is the same for every device.
3. Whether the key can be changed per device.
Keeping a key secret is the first step, but the initial key must be delivered to the device during or after manufacture. If the key is the same for every device, then a single compromise puts every manufactured product at risk. A different key per device is a big help, but the ability to change each device's key after installation/commissioning, and then at a regular (but randomised) interval, is necessary.
Failure to protect the key at any stage is dangerous. Exposing elements of the key or the key-management method in documentation or packaging is a serious risk. Not changing the key on a regular basis after installation will leave devices increasingly vulnerable, as an attacker has more time to crack the system.
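The three points above (unique key per device, a fresh key after commissioning, rotation at a randomised interval) as an added, stdlib-only Python illustration; this is example code, not WebWay's implementation, and the salt, info strings, message and rotation hours are constructed values.

```python
import hashlib
import hmac
import secrets


def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """RFC 5869 HKDF (extract then expand) built on HMAC-SHA256."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def provision_device_key() -> bytes:
    """Factory step: an independent random key per device, never a fleet-wide constant."""
    return secrets.token_bytes(32)


def rotate_key(current: bytes, epoch: int) -> bytes:
    """One-way ratchet to the next epoch key; the device discards the old key.
    A key captured later cannot be run backwards to recover earlier epochs."""
    return hkdf_sha256(current, b"epoch-salt", b"rotate|" + epoch.to_bytes(4, "big"))


def next_rotation_hours(base: int = 24, jitter: int = 12) -> int:
    """Regular but randomised interval: base plus 0..jitter hours (hypothetical values)."""
    return base + secrets.randbelow(jitter + 1)


def signal_tag(key: bytes, message: bytes) -> bytes:
    """Authentication tag on an alarm signal under the current epoch key."""
    return hmac.new(key, message, hashlib.sha256).digest()


def signal_valid(key: bytes, message: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(signal_tag(key, message), tag)


def demo() -> dict:
    k_a, k_b = provision_device_key(), provision_device_key()  # two unrelated devices
    msg = b"ZONE3:INTRUDER"  # constructed signal
    tag_a = signal_tag(k_a, msg)
    k_a2 = rotate_key(k_a, 1)  # device A rotates; k_a is now deleted
    return {
        "cross_device": signal_valid(k_b, msg, tag_a),     # False: B's key does not verify A
        "after_rotation": signal_valid(k_a2, msg, tag_a),  # False: old tag is dead
        "fresh": signal_valid(k_a2, msg, signal_tag(k_a2, msg)),
        "keys_differ": k_a != k_a2,
    }
```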
Remote software upgrades - local flash insecurities
Network equipment (routers etc.) and your own PC, Mac or server are all upgradeable remotely. The reason is to deploy security updates or feature upgrades to systems quickly and en masse. Without remote updates, the cost to IT departments and users (through interruption) would be catastrophic. The same applies to security signalling devices. European and UK standards require that remote access, maintenance and upgrades are protected by similar means to the alarm transmission itself.
The alternative to remote upgrades over an encrypted internet or radio path (upgrading locally via a PC or other device) is far worse and exposes the signalling device to considerable risk:
1. Software needs to be downloaded from a website or other service.
2. The software might be downloaded without any encryption, making the code relatively visible to a hacker.
3. The software is loaded onto an intermediary programming device before being loaded into the signalling device. This means the new software could be modified and then distributed to many other parties, perhaps to compromise many other systems. If the software is staged on a PC, that PC could itself be remotely compromised and the new code modified without the installer's knowledge.
4. The installer visits site to perform the upgrade on the signalling device. The intruder alarm system is in the unset state and the device is either exposed without the tamper proof enclosure, or removed from the enclosure entirely.
5. The new software is downloaded to the device via the flash programmer. It may be unclear that this is maliciously modified code.
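The device-side check that makes steps 2 to 5 safe to rely on: the update is authenticated before anything is parsed, and a modified image or an older build is refused. This is an added, stdlib-only Python illustration, not WebWay's update format; the header layout, magic value, per-device update key and image bytes are constructed. A symmetric tag is used here to mirror the "same means as the alarm transmission" point; in practice an asymmetric signature avoids sharing the verification secret with every device.

```python
import hashlib
import hmac
import struct

MAGIC = b"UPDT"                 # constructed header magic
HDR = struct.Struct(">4sII")    # magic, version, payload length (constructed layout)
TAG_LEN = 32                    # HMAC-SHA256 output


def build_update(update_key: bytes, version: int, payload: bytes) -> bytes:
    """Server side: header + image, then a tag over both so nothing is unauthenticated."""
    body = HDR.pack(MAGIC, version, len(payload)) + payload
    return body + hmac.new(update_key, body, hashlib.sha256).digest()


def verify_update(update_key: bytes, installed_version: int, blob: bytes):
    """Device side: returns (ok, reason, payload). Tag first, parse afterwards."""
    if len(blob) < HDR.size + TAG_LEN:
        return False, "truncated", b""
    body, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(update_key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return False, "bad tag", b""         # altered in transit or on a staging PC
    magic, version, length = HDR.unpack_from(body)
    if magic != MAGIC or length != len(body) - HDR.size:
        return False, "malformed header", b""
    if version <= installed_version:
        return False, "rollback", b""        # refuse older, possibly vulnerable builds
    return True, "ok", body[HDR.size:]


def demo() -> dict:
    key = bytes(range(32))                  # per-device update key (constructed)
    fw = b"FIRMWARE v2 image bytes"         # constructed image
    blob = build_update(key, 2, fw)
    ok, _, payload = verify_update(key, 1, blob)
    tampered = bytearray(blob)
    tampered[HDR.size] ^= 0x01              # flip one bit of the image, as a staging PC might
    return {
        "genuine": ok and payload == fw,
        "tampered": verify_update(key, 1, bytes(tampered))[1],
        "rollback": verify_update(key, 2, blob)[1],
        "wrong_key": verify_update(b"\x00" * 32, 1, blob)[1],
    }
```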
Cost time bomb
If a system is found to be compromised and the signalling device does not have a secure methodology for updating, installers will be required to attend site to update.
Legacy time bomb
Systems which have been deployed in the last 5-10 years which do not have encryption key management or remote updating capabilities are a poor legacy. The last ten years have seen multiple attacks/hacks on the biggest brands and security of connected PCs and devices has been high on the agenda for this last decade.
When selling security signalling systems, installers should look for products which protect against every Risk Model, which have an automatic and regular process for changing encryption keys, and whose legacy products remain backward compatible with the latest software updates.
Ignoring these important rules will cost manufacturers, installers and monitoring stations their hard-earned reputations.
At WebWay we work every day to mitigate the risks for our customers. Security and reliability are at the centre of any development. We understand that risk starts at the moment we build the device, and continues throughout the lifetime of the system - from manufacture, to stock, to engineer and installed environment. We don't build technology for technology's sake - we innovate to protect your customers and your reputation.