Last week, the internet experienced a large-scale distributed denial of service (DDoS) attack which used Internet of Things devices to propagate itself. The security of IoT has become a hot topic, for within the revolution of IoT lies the opportunity to subvert these devices to become part of a botnet. Out-of-date firmware, default admin credentials, and the sheer number of these devices can leave them vulnerable to attack.
75F believes in stopping these attacks before they start by enforcing correct design policies in the first place. Our CEO Deepinder Singh was interviewed by TechCrunch back in August, where he spoke about the risks of botnet attacks and emphasized ways to protect IoT devices. High levels of encryption, multiple data storage locations, the enforcement of unique login credentials, and a hardened Android front-end are some of the ways 75F ensures security at every level of our system.
Hardware & Software Security
75F uses a hardened version of Android as a secure gateway to protect all our devices. From a software standpoint, we use a kernel which is not remotely upgradeable and an application which is limited to only the permissions it needs to function. Our devices are thoroughly field tested – this eliminates the need for over-the-air updates which can leave devices vulnerable to attack.
We chose to provide an actual user interface on our devices for configuration (a touch screen on our gateway, and buttons and an LCD screen on room modules), so there are no open TCP ports. For situations where remote access is required, we enforce the creation of a distinct account and password as part of our setup process to protect against attacks.
Our Wireless Room Modules (WRMs) and Central Control Unit (CCU) communicate over a hardware-encrypted mesh network, which is considered the most reliable and secure network available. For all communication happening across the mesh network, we use 128-bit AES encryption, the same level of security used for the majority of online banking.
Communication between the CCU and our cloud servers uses an even stronger level of encryption: 256-bit AES. It’s the strongest level of encryption available, and it’s approved by the NSA for sending TOP SECRET information.
Data reliability means ensuring all data is backed up appropriately. Our backend data-as-a-service (DaaS) provider automatically backs up application and configuration data on an hourly basis, and retains backups for up to 30 days. In addition to hourly DaaS backups, we also back up your data daily in two additional places: the CCU and a separate service provider. Your data is stored in three separate places, ensuring maximum security.
Secure Data Storage
Storing secure data on the cloud is a great concern. For all of 75F’s data storage, we use a database service which uses the Amazon Web Services platform (AWS), backed by Amazon. AWS is one of the most popular cloud storage platforms in the world. Its cloud services regularly undergo rigorous security audits and have completed the requirements of major security certifications, which are detailed here.
Our database service employs layers of user authorization and authentication, requiring passwords to access all levels of data down to the last row in the database. No data is accessible unless the user is authorized, allowing for precise control. It also uses custom hooks, which are small bits of code required every time data storage is requested. These hooks can be executed before or after a save, delete, or fetch, allowing total control over how and when the data can be fetched or modified. We also report any unidentified packets back to our cloud-hosted servers. There, they are analyzed by our central alarming infrastructure, allowing for identification.
75F has been an advocate for IoT security since the beginning. We believe in stopping botnet attacks at the source by ensuring secure product design and secure gateways which protect all on-premise devices. 75F has taken all the steps to ensure safety and protection against attacks – and as leaders in the IoT revolution, we remain a step ahead.
To learn more, check out our Security and Reliability Tech Brief.