Today’s blog entry is from our partners at Weaved.
Weaved is a cloud services company that provides nearly 4 million IoT device connections per month over the Internet. We published a joint press release in April, announcing the partnership between SafeLogic and Weaved, and describing how we are working together to make the IoT secure.
The Internet of Things holds tremendous promise for driving the next wave of economic growth for Internet connected devices and applications. Our smart phones have become the remote control for our lives and give us access to the Internet and our networked devices 24/7. It’s easy to see that soon nearly every industrial and consumer electronics product will require some kind of app control as a standard feature. Unfortunately, the Internet remains a publicly-accessible and unsecure environment for devices and every network is only as secure as its weakest link.
Right now, IoT devices are notorious for being that weakest link. They have earned this reputation by ignoring security best practices and focusing only on local connectivity. As a result, malicious tools have been developed, like search engines on the public internet that scan and search for open ports on devices. So for mass market consumer adoption of IoT, device makers must really step up their efforts to apply some well established security best-practices and win back public trust.
At SafeLogic and Weaved, we believe that a common sense approach to security in IoT must include:
1. No Port Forwarding and No Open Ports on Devices
Port forwarding allows remote computers on the Internet to connect to a specific device within a private local-area network (LAN). It’s an open door to your LAN from the outside and there is a surprisingly large installed base of devices that use this technique. Weaved has developed a proprietary method of addressing and securely accessing any TCP service (Port) over the Internet without the use of port forwarding. With Weaved’s technology, ports can even be shut down and appear as invisible to malicious “port-sniffers” and search engines.
2. Trusted and Validated Encryption End-to-End
A lot of IoT devices today are storing or sending data across the Internet with weak encryption or even in the clear. Even trusted companies like Skype have been criticized for allowing unencrypted media in their data path. Weaved’s cloud services are already using unique, encrypted session keys per connection. Going forward, Weaved and SafeLogic will collaborate to bring SafeLogic’s trusted and verified encryption engines to the platform for applications that demand that level of security.
These are just a couple of measures needed to protect your local network from being compromised. There’s much more to cover on this topic, so expect to hear more from Weaved and SafeLogic in the near future, as we define and deploy our joint roadmap and services.