7 Security Lessons The Video Game Industry Can Teach IoT Manufacturers
- by 7wData
The Internet of Things has alarming holes in security. The industry should look to video games for some answers.
What's the most secure connected device in your house right now? Would you believe me if I told you it's your Xbox One or PlayStation 4? Criminals have been trying to find ways to hack video game consoles to run pirated software since the days of the original Famicom and Nintendo Entertainment System. To combat this, each new generation of game system has shipped with increasingly robust hardware and software security mechanisms, making consoles among the hardest computing devices to crack.
Since the tricks that pirates use to gain privileges on video game consoles are very similar to the exploits cybercriminals use to hack computers and Internet of Things devices, IoT device manufactures can learn a lot about effective security design from consoles. Here are seven security mechanisms used by video game consoles that could and should be applied to IoT devices.
TPM/security coprocessors and crypto keys: A trusted platform module (TPM) is a microcontroller dedicated to security that is built into many modern computer processers. Among other things, these modules can securely store unique crypto keys for the devices they're installed on — both keys to identify the particular device and the vendor's public keys to validate vendor communications. Once the hardware has private and unique keys, it can use them to build security checks into the system.
Secure boot: One way hackers attack embedded devices or video game platforms is to modify the boot or startup process, which might allow them to load malicious firmware or a different operating system. If you have a device with crypto keys stored in a protected place, you can use those keys to verify every step of the boot process, making it exponentially more difficult for attackers to load unsanctioned software. Validating each bit of software that the boot process loads makes it exponentially more difficult for attackers to influence or manipulate this process.
Signed firmware updates: A security module in the processor also allows devices to store and protect a manufacturer key, which a device vendor can use to sign all of the software with permission to run on the system. This prevents attackers from loading new firmware or an operating system, or even from loading illegitimate software, including malware. Some IoT device makers that want to keep their system open to modification may not want to implement this, but the approach should be considered for any device that involves sensitive customer data.
[Social9_Share class=”s9-widget-wrapper”]
Upcoming Events
Shift Difficult Problems Left with Graph Analysis on Streaming Data
29 April 2024
12 PM ET – 1 PM ET
Read MoreYou Might Be Interested In
Smart Cities and Linked Data
13 Oct, 2016The European Union defines a ‘smart city’ as “a city well performing in 6 key fields of urban development, built …
Artificial Intelligence and Machine Learning Drive the Future of Supply Chain Logistics
20 May, 2021Artificial intelligence (AI) is more accessible than ever and is increasingly used to improve business operations and outcomes, not only …
Fleet management meets big data
15 Mar, 2017The significance of IoT in fleet management cannot be overstated: as major Middle East markets like the UAE and Saudi …
Recent Jobs
Do You Want to Share Your Story?
Bring your insights on Data, Visualization, Innovation or Business Agility to our community. Let them learn from your experience.