EEJournal

editor's blog
Subscribe Now
May 6, 2014

IoT Paranoia – Not a Bad Thing

by Kevin Morris

While the Internet of Things (IoT) is full of promise, there’s one word that summarizes all that people fear about it: security.

We got to hear a bit about that at a session dedicated to the topic at the recent Internet of Things Engineering Summit co-conference at EE Live. Presented by consultant George Neville-Neil, it wasn’t about technology per se; it was about our state of mind.

Most of us believe it’s important to keep intruders out. His main takeaway: assume they will get in. Because, eventually, they will. Building sturdy walls is good and important, but planning for what happens next is also important.

What caught my ear in particular is one of the less-obvious possible consequences of not minding the store properly: a “consent decree.” I’ve heard the term in a generic sense, but it’s not obvious what the implications are if you’ve never had one (which I haven’t, which is why I asked). Apparently, if you’ve been careless with security, a consent decree allows the Federal Trade Commission (FTC) to become your overseer, getting all up in your business and stepping in when they want. Most of all, the documentation required during the term of the decree sounds particularly onerous. So… avoid this.

That aside, the following are my attempt to summarize his supporting recommendations (“attempt” because I was writing furiously to keep up):

  • Shrink the “attack surface” (i.e., expose less). Meaning, drivers, daemons, features, debug access, web servers, data loggers, etc.
  • Separate out “concerns.” I.e., no processes with root access or super-control; restrict access to data. Nothing gets access to anything irrelevant.
  • “Defense in Depth” – rings of security. What happens when the first wall is breached?
  • Provide only those features really needed. (OK, marketing will have a fun time with this. You know the drill:
    • Marketing: Here are the features we need in the next release.
    • Engineering: You can’t have them all; which ones do you really need?
    • Marketing: We need them all. We didn’t bother asking for the nice-to-haves.
    • Engineering: Well, which of these do you need least?

In other words, marketing probably already thinks they’re getting less than the really-needed features.)

  • Be conservative in what data you accept and send.
  • Review your code.
  • Review other people’s code – especially when incorporating someone else’s code or IP. Do an internet search for the package along with words like “crash” or swear words to find red flags.
  • Use “sandboxing” to provide isolation.
  • Use automation to test and analyze your code. Oh, and don’t forget to look at the results.
  • And, the bottom line, “Plan for Compromise.”

And sleep with one eye open. Because They’re coming, you know…

Leave a Reply

featured blogs
The Curious Case of the African Tigger
Jul 11, 2025
Can you help me track down the source of the poem titled 'The African Tigger is Fading Away'?...
More from Max's Cool Beans...

Libby's Lab

Libby's Lab - Scopes out Littelfuse C&K Aerospace AeroSplice Connectors

Sponsored by Mouser Electronics and Littelfuse

Join Libby and Demo in this episode of “Libby’s Lab” as they explore the Littelfuse C&K Aerospace Aerosplice Connectors, available at Mouser.com! These connectors are ideal for high-reliability easy-to-use wire-to-wire connections in aerospace applications. Keep your circuits charged and your ideas sparking!

Click here for more information

featured paper

Agilex™ 3 vs. Certus-N2 Devices: Head-to-Head Benchmarking on 10 OpenCores Designs

Sponsored by Altera

Explore how Agilex™ 3 FPGAs deliver up to 2.4× higher performance and 30% lower power than comparable low-cost FPGAs in embedded applications. This white paper benchmarks real workloads, highlights key architectural advantages, and shows how Agilex 3 enables efficient AI, vision, and control systems with headroom to scale.

Click to read more

featured chalk talk

BD18333EUV 24-Channel Automotive LED Driver
Sponsored by Mouser Electronics and ROHM Semiconductor
In this episode of Chalk Talk, Catherine Scott from ROHM Semiconductor and Amelia Dalton explore automotive LED driver applications and how ROHM Semiconductor is driving innovation in this arena. They also investigate the animated lighting and limp home modes of ROHM’s BD18333EUV 24-Channel Automotive LED Driver and how you can use these solutions for your next automotive design.
Click here for more information about ROHM Semiconductor Automotive LED Drivers
Jun 19, 2025
23,047 views