Gatwick incident – Dronejacking will get worse before it gets better.

By Cesare Garlati – prpl Chief Security Strategist

With the recent news of a drone causing chaos at Gatwick airport, hacking IoT devices has resurfaced as a topic of discussion, especially regarding the security issues that would arise should a multitude of devices be hacked.

Ideally, no one should be able to access, much less hijack, the critical functions of an IoT device such as a drone. While the destructive power of just one drone may seem paltry, directing these drones in large numbers at a target is a very real, and dangerous, possibility – as confirmed by this news.

The time to act is now to take control of security in IoT devices at the most basic level: the hardware.

Manufacturers need to move away from the attitude that “it works, let’s try to secure it and get it to market” to “if it’s not secure, it doesn’t work”. Unless the industry adopts this attitude, the security problems of IoT will continue to proliferate at an alarming rate and, unfortunately, lives could quite literally be at stake.

*   *   *

More about what can be done today to secure IoT: prpl Security Guidance for IoT

More about what can be done today to secure the smart home: prpl Smart Home Security Report

Inadequate IoT Security is Setting Regulators on Collision Course with Consumers

By Art Swift, President prpl Foundation

It was Charles Dickens’ much celebrated novel Oliver Twist that first popularized the phrase “the law is an ass.” It resonated far and wide for people who viewed the British legal system of the time as unjust and at odds with common sense. Now, no one is suggesting that the highly evolved legal and regulatory system we have in the modern United States is anything like the situation Dickens described 177 years ago. But it remains that rules set by regulators and lawmakers have consistently failed to keep up with the pace of technological change – and there’s a real danger they could now threaten the development of the Internet of Things (IoT) and embedded computing.


Your boss yells ‘build a secure IoT gadget’ and you don’t know where to start. Take a look at this

Tech foundation publishes gentle guide

A 101 introduction to designing secure Internet-of-Things devices and similar systems has been published today by the MIPS-cheerleading Prpl Foundation.

The illustrated guidebook is not tied to the aforementioned processor architecture: it can be understood by anyone dabbling in ARM, x86 and MIPS-based embedded engineering.

It’s aimed at people designing internet-connected gadgets and gizmos who want to make sure malicious code doesn’t end up compromising devices. If you’re an engineering sage, this 55-page document isn’t going to flip your control register bits, but if you’re new to this space, it will give you a good steer.


The Journey to a Secure Internet of Things Starts Here

The prpl Foundation announces its visionary document for an open, hardware-led approach to make life-threatening flaws in connected devices a thing of the past

Click here to download the PDF: prpl Security Guidance

As the Internet of Things finds its way into ever more critical environments – from cars to airlines to hospitals – the potentially life-threatening cyber security implications must be addressed. Over the past few months, real-world examples have emerged showing how proprietary connected systems relying on outdated notions of ‘security-by-obscurity’ can in fact be reverse engineered and chip firmware modified to give hackers complete remote control. The consequences could be deadly.

A new approach is needed to secure connected devices, which is exactly what the prpl Foundation is proposing in its new document: Security Guidance for Critical Areas of Embedded Computing. It lays out a vision for a new hardware-led approach based on open source and interoperable standards. At its core is a secure boot enabled by a “root of trust” anchored in the silicon, and hardware-based virtualization to restrict lateral movement.
