Mender Whitepaper Series

Security considerations for remote management of software in IoT devices

This paper addresses security threats when designing internet connected devices and how software updated remotely if implemented poorly can provide additional attack vectors to already existing device vulnerabilities.

IoT security issues are different from traditional IT security environments. In IoT while data protection concerns still exist they mainly extend further into the physical world and most often at large scale with heavy reliance on battery and wireless connectivity where interruption in operations can cause millions of dollars of damage within a short period of time. Therefore, it inherently becomes harder to secure IoT devices as compared to other environments.

The security challenge has drawn the attention of users, developers, device manufacturers and government agencies around the world. The hacking of a wide spectrum of smart devices such as smart fridges, and baby monitors to the infotainment system in your car are indicative of a security trauma being caused by the nature of these devices being online and vulnerable to attacks.

In this paper, we discuss:

  • Potential security threats when designing smart devices
  • How software updated remotely if implemented poorly can provide additional attack vectors to already existing device vulnerabilities
  • How to implement preventive OTA software update strategies against these potential attack vectors

Download the whitepaper