Properly Protecting the Internet of Things Will Require Changes from Business as Usual
SAN FRANCISCO--Mocana today urged developers of smart connected devices - the smartphones, routers, switches, smart TVs, industrial controls, heating and ventilation systems, appliances and other commercial and consumer hardware increasingly attached to the Internet of Things (IoT) - to heed the wake-up call of Heartbleed and ensure their products are secure, private and safe. According to security experts at Mocana, the Internet of Things puts computers into all sorts of smart connected devices, especially for consumers, and most manufacturers are less accustomed to providing adequate security than most PC and software makers.
The problem, especially on the consumer side, goes to the heart of the way the market has developed up until now, according to Mocana. Millions of existing devices were manufactured using old versions of software, which cannot be easily upgraded or patched, if at all, when a problem like Heartbleed arises. The result, according to a recent blog post by computer security and privacy specialist Bruce Schneier, is that "hundreds of millions of devices have been sitting on the Internet, unpatched and insecure, for the last five to ten years." And this problem will rapidly get worse if something doesn't change, because it is still early days for the Internet of Things.
"Embedded systems developers need to start taking security more seriously and design their systems better. They need to start by using security software that's proven and built expressly for embedded systems and then build their systems so that the software in these devices can be updated or patched, as needed," said Paul Fulton, vice president of IoT products at Mocana. "Mocana offers a broad range of embedded security solutions for the Internet of Things, including our NanoSSL™ secured data transport technology, that do all the security 'heavy lifting' for device makers by providing security through easy-to-use APIs for rapid integration."
NanoSSL is Mocana's super fast, super small SSL/TLS solution specifically designed to speed product development while providing best-in-class device security services for resource-constrained environments. NanoSSL is extensible, small footprint (50KB), platform-agnostic and includes an optional government-certified FIPS 140-2 level-1-validated crypto core. NanoSSL includes a full-featured key generator and certificate management client, and supports U.S. government Suite B crypto algorithms and the new RFC standard for TLS 1.2.
"Mocana NanoSSL isn't just another SSL toolkit. It's a professional device security platform that helps our customers shave months off their engineering timelines while delivering differentiated products with advanced security features that just aren't available anywhere else," said John Aisien, senior vice president of marketing and corporate development at Mocana.
"It seems that almost every day now we are learning of more places affected by Heartbleed, one of the latest being the Android 4.1.1 operating system, which is found in about a third of all Android devices," said Fulton. "The industry is moving at full speed to build out the Internet of Things, yet we keep learning that devices we thought were secure aren't. At some point, hopefully soon as a result of this wake-up call, manufacturers will start to take security more seriously and take the steps necessary before the inevitable happens again."
According to Fulton, Mocana has noticed a trend of major OEMs looking to migrate away from open source security solutions to commercially produced products like Mocana NanoSSL as more vulnerabilities like Heartbleed are exposed in commonly used open-source security implementations. Mocana is addressing the needs of these customers with a convenient migration package to help simplify and speed the process.
Mocana makes security easy for enterprise mobility and the Internet of Things. Recognized as a World Economic Forum "Technology Pioneer," Mocana builds on deep expertise born from a decade securing everything from medical devices to defense electronics, from point-of-sale terminals to the smart grid to home automation. The company's Mobile Application Protection (MAP™) offering, distributed globally by SAP, automates end-to-end security for iOS and Android™ apps and authenticates mobile users, apps and devices to business systems. More information is available at www.mocana.com.