IoT security and hardening
Over the years, smart connected devices have become smaller, cheaper, and easier to use in critical infrastructure, fintech, defence and industrial systems. Such devices often work with sensitive data and IP: they gather and send telemetry data, run ML models, process video and photos, or control other devices, so they should be protected against unauthorized access and misuse.
Edge Compute / IoT / ICS / SCADA security issues are centered around a fragmented ecosystem (different OS, languages and hardware capabilities), power and performance constraints, and unique threat models (grab-n-run). Unless specific actions are taken to secure the devices, applications, and communications, they are at risk.
IoT security challenges
Software and firmware vulnerabilities
Any vulnerability discovered in IoT firmware or software can affect thousands or millions of devices. In many cases, patches can’t be easily propagated to all the devices. The owners become responsible for following the news and updating their devices, which is complicated for many users.
Lack of strong cryptography and TEE
A mix of available operating systems, the lack of a Trusted Execution Environment and a separate cryptographic coprocessor, restricted memory and power, and the difficulty of patching software lead to weak cryptographic choices. Often, IoT devices rely on old, unsuitable cryptography and leak sensitive data via timing attacks or power analysis.
Platform security is complicated
Operating systems for IoT are very fragmented. Platforms and schedulers (Simba), specialized OS (FreeRTOS and HeliOS), ported OS (Google Mendel Linux, Raspberry Pi OS) or even full-scale OS (Debian, Ubuntu or Android) all provide different security controls and require proper configuration, maintenance, and patching.
Closed and legacy systems
Legacy lives alongside the bleeding edge in one box, from integrated electronics to large industrial systems. Being able to bridge specialized protocols (such as IEC 60870-5-10*, Modbus TCP, Profibus, Profinet, etc.), add security to simple over-the-wire telemetry, and deal with physical constraints requires a special combination of skills and patience.
IoT security solutions and approaches
Data and IP protection
Application-level encryption, including end-to-end encryption, aims to protect stored data and secure communication with the backend server. The data should be protected during the whole lifecycle: from generation to backups.
OS security and hardening
OS security includes patching the OS core, removing unused components, configuring data-at-rest encryption, enabling access control, and making OS security work together with application security. Read below about the approach we use.
Reverse engineering protections
Reverse engineering protections are security controls employed to ensure that if the device is remotely attacked or physically stolen from the end-user, it’s not easy to debug it or steal valuable data and IP.
Our offerings
// Relevant products
Acra
A DATABASE SECURITY SUITE
Themis
A CROSS PLATFORM CRYPTO LIBRARY
// Custom solutions and consulting
OS and device hardening for IoT
IP protection and anti-reverse engineering
Secure communications for IoT
Specialized cryptography for IoT
Auditing and reviewing
Security engineering
Why do IoT security with us
Relevant engineering experience
We’ve done IoT security for projects with thousands of smart devices, powered by Raspberry Pi, Google Coral, and STM32. We’ve designed and built mesh networks for device communication, integrated radio and NFC connections, implemented IP protection, custom encryption protocols, ML model protections, and many more.
Full-cycle security
We work on all fronts to ensure our customers' systems function securely: starting from device provisioning, OS hardening, implementing application security, integrating data encryption, and building secure communications up to long-term maintenance and support.
Addressing real-world risks
We make IoT security work for your use case. Starting from assessing real risks and threats for every case and device, we develop a spectrum of hands-on solutions best suited for your hardware, goal, and constraints.
Suitable for hard tasks
Our hardened devices work in defence and critical infrastructure, power generation management and remote data acquisition. We understand the nuances of highly available devices in hostile conditions.
For innovators, by innovators
We started Cossack Labs to develop new tools and methods for protecting data and enabling novel solutions to emerging problems, so that at the edge of your innovation, you’ve already got fitting tools handy.
Relevant blogposts
Cryptographic failures in RF encryption allow stealing robotic devices
Stunned by losing their robotic devices, [REDACTED] learnt that they were hijacked by attackers even with communication being encrypted. Having researched its firmware and found numerous cryptographic failures, we've crafted a few demos on how cryptography goes wrong in real life.
Secure search over encrypted data
What is searchable encryption and how to perform secure search over encrypted data.
Crypto wallets security as seen by security engineers
How to build secure crypto wallets, analysing issues found during crypto wallet security audits.