October 31, 2017
How to Approach IoT with a Security First Approach
Last year it was the Mirai malware, and just a year later it’s the KRACK exploit that serves as a fresh reminder to everyone producing IoT devices of the importance of end-to-end security.
What is KRACK?
In simple terms, it’s a sophisticated Wi-Fi attack that exploits a vulnerability in the WPA2 authentication protocol, letting the attacker decrypt all network packets to and from the victim. The result of this attack is like being connected to an unsecured Wi-Fi network at a hotel or a coffee shop with no firewalls.
What can happen to the victim? All traffic sent in the clear (HTTP) can be sniffed, modified and injected with malware, ransomware or other malicious exploits. What about HTTPS? Traffic encrypted with TLS 1.2 is secure and tamper-free, provided that the connected device or the client application takes proper security measures.
Proper security measures? This is a term that has unfortunately become somewhat cliché, but we at Rhombus do not take securing our products lightly. We take a holistic, top-down approach to provide complete and true end-to-end security. And in the event of zero-day exploits in open standards (like KRACK), we provide automatic OTA firmware updates to respond immediately.
To provide this type of security, we make sure that our cloud, mobile, web, data at rest, data in transit, and our cameras (physical access, firmware and all communication to and from the camera) adhere to strict, well-defined principles and go through several layers of both internal and external security audits before we release them to end users.
Layers of Security
The following is an overview of how each component in our infrastructure was designed with a security-first approach, so that our products act as a deterrent to attacks and exploits in the environments they are deployed in.
Rhombus cloud infrastructure is hosted on Amazon AWS, with all services hosted within the AWS Virtual Private Cloud (VPC). Despite being within the VPC, we operate under the assumption that the network is insecure, and take the necessary measures to isolate external and internal access to our services with complete audit trails and monitoring.
In addition, our cloud-facing applications adhere to the OWASP security guidelines. On a regular basis we use web security scanners to check our applications against CSRF, XFS, XSS, session hijacking and authentication bypass, and to verify session randomness, brute-force protection, ACL/privilege-escalation controls and proper salting, to mention a few.
All communication (data in transit), whether within our VPC or between any of our external endpoints, is done over a mutually authenticated TLS 1.2 secure channel with pinned CAs to prevent man-in-the-middle attacks.
Any customer data at rest that is stored in the cloud is encrypted using SSE-KMS, whereas all video and audio data stored on the camera SD card is encrypted using LUKS AES-256.
There are multiple layers involved in securing an IoT device end to end, which in our case is a camera. Starting with physical access, we lock down UART. On the software side, our firmware is signed and verified before being flashed onto the camera, using a specialized OTA update architecture that ensures that security patches, feature releases and updates are applied in a timely manner, with complete audit trails available.
In addition, unlike the typical IoT devices that flood the market, we do not require any network changes to the firewall, including any insecure port-forwarding techniques. Instead, our cameras make outbound, mutually authenticated, secure TLS 1.2 connections on standard SSL ports. Lastly, for secure, seamless LAN streaming, we ensure that only entities with authenticated and authorized security sessions are allowed to connect to the camera.
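The client side of the channel described in the data-in-transit and camera paragraphs above (TLS 1.2 floor, peer verification, a trust store holding only the pinned CA, a client certificate for mutual authentication) can be expressed and checked with Python's standard ssl module. This is an added example, not Rhombus code; the function names and the file-path parameters are hypothetical.

```python
import ssl

def build_device_context(pinned_ca=None, client_cert=None, client_key=None):
    """Client context for an outbound, mutually authenticated TLS connection.

    The three path parameters are hypothetical PEM files provisioned on the device.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # starts with an empty trust store
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2   # refuse anything older than TLS 1.2
    ctx.verify_mode = ssl.CERT_REQUIRED            # the server must present a valid chain
    ctx.check_hostname = True                      # and the name must match the endpoint
    if pinned_ca:
        # Trust only the pinned CA; the system bundle is never loaded.
        ctx.load_verify_locations(cafile=pinned_ca)
    if client_cert:
        # The device's own certificate and key, presented for mutual authentication.
        ctx.load_cert_chain(certfile=client_cert, keyfile=client_key)
    return ctx

def audit_context(ctx, expected_pinned_cas=1):
    """Return a list of deviations from the policy above (empty list = compliant).

    SSLContext exposes no getter for a loaded client certificate, so that part
    of mutual authentication has to be verified on the server side.
    """
    findings = []
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("protocol floor below TLS 1.2")
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("peer certificate not required")
    if not ctx.check_hostname:
        findings.append("hostname check disabled")
    ca_count = ctx.cert_store_stats()["x509_ca"]
    if ca_count != expected_pinned_cas:
        findings.append(
            f"trust store holds {ca_count} CA certs, expected {expected_pinned_cas}")
    return findings

if __name__ == "__main__":
    # Constructed weak configuration: verification switched off entirely.
    weak = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    weak.check_hostname = False
    weak.verify_mode = ssl.CERT_NONE
    print("weak  :", audit_context(weak))
    # No CA file supplied here, so the audit flags the empty trust store.
    print("strict:", audit_context(build_device_context()))
```

A context that silently falls back to the system CA bundle shows up in the audit as a CA count other than the expected number of pinned certificates.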
In addition to providing our users with standard enterprise features such as 2FA and SSO/SAML, we also provide intelligent monitoring and alerts for anomalous usage activity. This includes alerting users about anomalous login attempts and usage patterns so that preemptive actions can be taken within seconds.
Developing secure IoT devices is not an easy task, and making sure that these devices are not a source of any exploit is a serious obligation for anyone developing them. Because of our security-first DNA, we are confident that our cameras can safely be deployed into the enterprise IT infrastructure while providing the intelligence necessary to be a critical component of a company’s physical security solution.