This week at Works With, Silicon Labs Sr. Product Manager of IoT Security, Mike Dow, discussed the ever-changing landscape of security attacks, legislation and our products’ preparedness for the modern security landscape. Additionally, Brad Ree, CTO of ioXt Alliance discussed how the organization is working to unify IoT security standards and build trust around end-product safety and security.

To begin, Mike discussed the stakes –  modern ransomware attacks are costing companies millions of dollars. Historically, these ransomware attacks have been remote attacks against individuals, such as vulnerable household families on their desktop computers, for around $200-$500 each. Today, however, “big game hunting” is more common, where organizations like hospitals or companies are targeted, for ransoms upwards of $10M-$15M. The exact price paid for these ransoms is hard to know, but it is safe to say these ransomware attacks include costly prices and downtime that companies cannot afford.

Additionally, the rise of “pivot attacks” have empowered the cyber-criminals behind these attacks. “Pivot attacks” refer to the phenomenon of using an IoT device (such as a thermostat) as an entry point to a victim’s network. A network’s security, after all, is only as strong as its most vulnerable connected device. This, of course, speaks to the importance of having strong security in these network end nodes.

Mike notes that this is leading to new legislation around cyber security. While the legislation varies from country to country (and state –to state within the U.S.), it generally provides that IoT devices like lightbulbs and thermostats must be “reasonably secure” against such threats, to prevent individuals and companies from falling victim to ransomware and the downtime that comes with it. He expects that we’ll continue to see IoT security-related legislation appear and evolve over time.

He then discusses how our Secure Vault technology that launched this year contains the exact features needed to help protect companies and individuals against the aforementioned modern attacks. From cryptography features like secure key management, to hardware features like Anti-Tamper and DPA Countermeasures, we’ve protected devices from network attacks, hardware attacks, and ensured integrity, authenticity, and confidentiality for end users.

Anti-tamper is one of the Secure Vault features that safeguard from modern attacks  

These features, along with others, exemplify our commitment to protecting devices during manufacturing, deployment, and end of life.

You can learn more about the Secure Vault features Mike mentioned by visiting the following links:

• Secure Boot
• Secure Debug
• DPA Countermeasures
• Anti-Tamper
• Secure Attestation
• Secure Key Management

View a full list of features here.

Next, Brad Ree spoke about the ioXt Alliance’s efforts to improve the global standard of IoT security and build confidence in IoT products. The alliance drives adoption of their security standards by harmonizing the security requirements of channel owners and suppliers and providing authorized test labs for devices that require a third-party test lab.

Their mission begins with the ioXt Security pledge which exemplifies the scope of their mission, and the wide variety of security measures that need to be in place for secure IoT products: 

Brad shares the ioXt Security Pledge

 Brad went on to discuss how different devices have different security needs, therefore requiring different threat models. By defining all the threats that can happen throughout the lifecycle of a device, effective tests can be defined and manufacturers can be empowered to thoroughly assess device security.

To preserve the integrity of tests and their self-certification program, ioXt Alliance offers a rewards program (similar to a bug bounty) to researchers who find that test integrity was compromised. Upon completion,  ioXt Alliance provides the following certification symbol, which is the same regardless of device type or testing rigor:

By using the same symbol across devices, the alliance hopes to strengthen the recognition of the symbol, eliminate confusion for customers that might come from a tiered system and ultimately build trust that certified products are protected.

Both Mike and Brad share the common hope that IoT products will continue to receive the security-related attention that they deserve. To watch the on-demand recording of the Works With security presentation, click here and register.

To learn more about securing your products and our Secure Vault technology, visit silabs.com/security.