EE Times-India

5 common IoT security mistakes

Posted: 29 Jul 2015

Keywords: Bluetooth, Internet of Things, IoT, security

Security and privacy concerns are increasing as more smart products enter the market and bring connectivity to different users. Working with more than 26,000 member companies, the Bluetooth Special Interest Group (SIG) discusses five typical setbacks that emerge during the development of a new product and its security strategy.

1. Assuming security is a hassle

Security gets a bad rap for being cumbersome to implement. Legacy security processes that left developers and consumers with bad memories also resulted in outdated practices.

For example, developers are often under the false impression that Bluetooth pairing is a challenging burden for consumers. A lot has changed in pairing since 2004. Updates to the Bluetooth specification have not only made the process of connecting devices simple, but also more secure with features that cover encryption, trust, data integrity and privacy of the user's data. Depending on the user's requirements and the capability of the device, Bluetooth provides several options for pairing for a user-friendly, secure connection.

The latest version of Bluetooth Smart technology builds upon the government-grade, Federal Information Processing Standard (FIPS) compliant security features to offer AES encryption, Elliptic Curve Diffie-Hellman (ECDH) cryptography and new low-energy secure connections. While many implementations might not require ECDH key generation or 128-bit AES encryption, Bluetooth offers the ability to implement this high level of encryption as the developer sees fit.

2. Lack of education

A common misconception is that beacons track people or users. All a beacon is actually capable of doing is sending out a broadcast signal. While an application on a smart device might be able to assess a user's progression through a store based on whether or not a device receives a message, the only personal connection to that information comes when a user downloads and activates the application. The beacon itself doesn't do any collection of data.

Clarifying the interactions, and ultimately the security factors in place and how consumers have control of their security, can quickly address many of the common fears and misconceptions. For example, Bluetooth pairing is more than just a method to establish device connection. It's also a security measure put right in the hands of the users.

3. Ignoring consumer access

Giving consumers easy, transparent access to their security puts them squarely in the driver's seat and gives them confidence that their device interaction is secure. For instance, the ability to turn on and off location-based services for each specific application enables direct control and allows the user to decide what the app can and cannot do. When building the next smart product, developers should consider ways to enhance the user's access to control.

A new feature in version 4.2 of the specification makes it difficult for eavesdroppers to track a device through its Bluetooth connection without permission. This feature causes the MAC address within the advertising packets to be replaced with a random value that changes at timing intervals determined by the manufacturer.
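
As an added illustration (not from the original article or the Bluetooth SIG), here is a lab check a manufacturer could run on sightings of its own device under test to confirm that the advertised address is a private one and rotates as described above. The `Obs` record, the `max_hold_s` threshold and the sample addresses are assumptions constructed for the example; the address sub-type bits follow the Bluetooth Core Specification.

```python
from collections import namedtuple

# One advertising sighting: time in seconds, TxAdd flag (True = random
# address), and the advertiser address as printed by a scanner.
Obs = namedtuple("Obs", "t random addr")

def address_kind(addr, random):
    """Classify an LE advertiser address by its two most significant bits."""
    if not random:
        return "public"
    top2 = int(addr.split(":")[0], 16) >> 6
    return {0b11: "static-random", 0b01: "resolvable-private",
            0b00: "non-resolvable-private"}.get(top2, "reserved")

def audit(observations, max_hold_s):
    """Report address kinds, longest hold time and privacy findings."""
    kinds, longest, current, start = set(), 0, None, None
    for o in sorted(observations):
        kinds.add(address_kind(o.addr, o.random))
        if o.addr != current:          # address rotated: restart the clock
            current, start = o.addr, o.t
        longest = max(longest, o.t - start)
    findings = []
    fixed = sorted(kinds & {"public", "static-random"})
    if fixed:
        findings.append("fixed address in use: " + ", ".join(fixed))
    if longest > max_hold_s:
        findings.append(f"address held {longest}s, limit {max_hold_s}s")
    return {"kinds": kinds, "longest_hold_s": longest, "findings": findings}

# Constructed sightings (not real captures) of two devices under test.
ROTATING = [Obs(0, True, "5A:12:9F:00:11:22"), Obs(600, True, "5A:12:9F:00:11:22"),
            Obs(900, True, "7C:44:01:AB:CD:EF"), Obs(1500, True, "7C:44:01:AB:CD:EF")]
FIXED = [Obs(0, True, "C3:10:20:30:40:50"), Obs(3600, True, "C3:10:20:30:40:50")]

if __name__ == "__main__":
    for name, obs in (("rotating", ROTATING), ("fixed", FIXED)):
        print(name, audit(obs, max_hold_s=900))
```

The hold time is measured between sightings, so it is a lower bound; sample more often than the intended rotation interval to get a meaningful result.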
