Just about anything can be an internet-of-things (IoT) device these days; even household appliances are able to connect to the internet. Vendors and their developers create mobile apps to communicate with and control IoT devices that interact with us on an intimate level. But often these apps provide the perfect gateway for attackers to intercept user data. We have some advice on how to create a secure IoT mobile app.
Security services firm Pen Test Partners noted that the most common source of compromise when it comes to IoT devices is the mobile apps that interact with them. In a blog post, the company said:
"Decompiling the app is usually trivially easy and allows the hacker to understand exactly how your device interacts with the mobile app and then interacts with your online services"
The most common flaws identified by Pen Test Partners are poorly implemented Secure Sockets Layer (SSL), the protocol that keeps communication between the app and the IoT device private; static credentials in the mobile app; and insecure storage of data in the app.
To create a secure mobile app for IoT, Pen Test Partners recommends that developers follow the coding guidelines set by the Open Web Application Security Project (OWASP). If you are a vendor that is outsourcing development of an app for your IoT device:
"[E]nsure your contract with the development house includes that the code written for you complies with good security standards."
Building a good app is just one piece of the puzzle. You can read more about security for IoT technology at the Pen Test Partners blog.
[Via Pen Test Partners]