The main message I took away was that IoT security is achievable but requires a lot of thought up front at the design stage including selection of the primary hardware to enable secure identification of the IoT node. Obviously the level security should be aligned with the value of the asset being secured and that is down to the security risk assessment performed (or not!) by the manufacturer.
First we enjoyed a superb talk by Ken Munro from Pen Test Partners on ethical hacking of IoT devices and how compromised security of one device can lead to a whole heap of problems. Examples included a large DDos botnet made from compromised CCTV DVRs, plain text passwords stored in a Wi-Fi kettle and hacked building management systems being used to mine Bitcoins.
Microchip Technology Inc. gave a talk on their ECC508/608 and demonstrated how it can be used (with Amazon Web Services) to uniquely identify and verify an IoT node in an easily embeddable package. This was a well delivered presentation that covered
Following on from that, there were some good presentations from NXP Semiconductors on their A1006 devices and smartcard based signing ecosystem, ST Microelectronics on their ST32 microcontroller security and ST Safe modules, and lastly Arm on their mbed OS and mbed cloud security features.
Overall it was a well organised event; the Digital Exchange building on Peckover Street has been well converted into a conference and working space. It was nice to meet some new faces as well as catch up with old ones. My only regret is that I couldn’t stay for the fine Bradford curry afterwards as I had a train to catch.