12 Steps to Stop the Next IoT Attack in its Tracks

Distributed denial-of-service (DDoS) #IoT attacks against DNS are a wake-up call to how fragile the #Internet can be.

The IoT attack against Domain Name Servers from a botnet of thousands of devices means it’s way past time to take IoT security seriously. The bad actors around the world who previously used PCs, servers and smartphones to carry out attacks have now set their sights on the growing tidal wave of IoT devices. It’s time for consumers and enterprises to protect themselves and others by locking down their devices, gateways and platforms. While staying secure is a never-ending journey, here’s a list of twelve actions you can take to get started:

  1. Change the default usernames and passwords on your IoT devices and edge gateways to something strong.
  2. Device telemetry connections must be outbound-only. Never listen for incoming commands or you’ll get hacked.
  3. Devices should support secure boot with cryptographically signed code by the manufacturer to ensure firmware is unaltered.
  4. Devices must have enough compute power and RAM to create a transport layer security (TLS) tunnel to secure data in transit.
  5. Use devices and edge gateways that include a Trusted Platform Module (TPM) chip to securely store keys, connection strings and passwords in hardware.
  6. IoT platforms must maintain a list of authorized devices, edge gateways, associated keys and expiration dates/times to authenticate each device.
  7. The telemetry ingestion component of IoT platforms must limit IP address ranges to just those used by managed devices and edge gateways.
  8. Since embedded IoT devices and edge gateways are only secure at a single point in time, IoT platforms must be able to remotely update their firmware to keep them secure.
  9. When telemetry arrives in an IoT platform, the queue, bus or storage where data comes to rest must be encrypted.
  10. Devices and edge gateways managed by an IoT platform must update/rotate their security access tokens prior to expiration.
  11. Field gateways in the fog layer must authenticate connected IoT devices, encrypt their data at rest and then authenticate with upstream IoT platforms.
  12. IoT platforms must authenticate each device sending telemetry and blacklist compromised devices to prevent attacks.
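The platform-side controls in items 6, 7, 10 and 12 (an authorized-device registry with keys and expiry, source IP ranges limited to managed devices, token rotation before expiry, and blacklisting compromised devices) combined into one admission check for a telemetry endpoint. This is an added Python example, not code from the post; the registry contents, the 10.20.0.0/16 range, the HMAC-over-telemetry scheme and the 300-second rotation window are constructed assumptions.

```python
import hashlib
import hmac
import ipaddress
from dataclasses import dataclass


@dataclass
class Device:
    key: bytes              # per-device HMAC key held by the platform (item 6)
    expires_at: int         # Unix time at which the current access token lapses
    revoked: bool = False   # set once the device is judged compromised (item 12)


# Constructed registry; the keys are placeholders, not real credentials.
REGISTRY = {
    "sensor-01": Device(key=b"k1-constructed", expires_at=2_000),
    "sensor-02": Device(key=b"k2-constructed", expires_at=1_000, revoked=True),
}
# Constructed source range used by managed devices and gateways (item 7).
ALLOWED_NETS = [ipaddress.ip_network("10.20.0.0/16")]
ROTATE_BEFORE = 300   # assumed window before expiry in which rotation is due (item 10)
MAX_SKEW = 60         # assumed freshness bound on the message timestamp


def sign(key: bytes, device_id: str, ts: int, payload: bytes) -> str:
    """Device-side tag: HMAC-SHA256 over id, timestamp and telemetry body."""
    return hmac.new(key, f"{device_id}|{ts}|".encode() + payload, hashlib.sha256).hexdigest()


def admit(device_id: str, src_ip: str, ts: int, payload: bytes, sig: str, now: int):
    """Platform-side check. Returns (accepted, reason); reason 'rotate soon' tells the
    caller to hand the device a fresh token before the current one expires."""
    if not any(ipaddress.ip_address(src_ip) in net for net in ALLOWED_NETS):
        return False, "source ip outside managed ranges"
    dev = REGISTRY.get(device_id)
    if dev is None:
        return False, "unknown device"
    if dev.revoked:
        return False, "device blacklisted"
    if now >= dev.expires_at:
        return False, "token expired"
    if not hmac.compare_digest(sign(dev.key, device_id, ts, payload), sig):
        return False, "bad signature"
    if abs(now - ts) > MAX_SKEW:
        return False, "stale timestamp"
    return True, ("rotate soon" if dev.expires_at - now <= ROTATE_BEFORE else "ok")
```

The checks are ordered so that the cheap network filter runs before any registry lookup or HMAC computation.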

Keeping the various components that make up the IoT value chain secure requires constant vigilance. In addition to doing your part, it’s important to hold the vendors of the IoT devices, gateways and platforms accountable for delivering technology that’s secure today and in the future.

Convert Your Confusing Win32 Apps to Touch-First Mobile Apps

Migrate confusing Win32 apps with tiny controls to touch-first #mobile apps with large fonts and UI elements while including gesture support and proper spacing.

The advent of a mouse connected to every computer gave users a pixel-precision pointing device. Coupled with ever-growing computer monitors and higher resolution screens, UI elements got smaller and smaller. This wasn’t a problem until mobile devices with their small screens became popular. The developers that crammed lots of small buttons and data grids on big PC screens brought those bad UI habits to mobile.

At first, these new mobile developers got away with it because personal digital assistants (PDAs) like the Palm, Handspring, Zaurus and Pocket PC used a stylus with plastic, resistive touch screens. Until the touchable iPhone was released in 2007, many smartphones used a stylus as a replacement for the mouse’s precision pointing. This facilitated tiny, touchable UI elements that were hard to see.

When developing today’s mobile apps (native + web), touchable UI elements like buttons must be finger-friendly and at least 44 x 44 pixels in size. To prevent the “fat-finger” problem, they must also be at least 20 pixels apart from each other. This will vary based on screen size and pixel density. Implementing responsive design principles is also a must. UI elements must scale smoothly to different smartphone and tablet screen sizes and support gestures like swiping. They must also reorient themselves when a device shifts between portrait and landscape and implement “hamburger” menus to conserve screen space.

Improve user productivity by creating touchable apps that are easy to use to get employees up and running while reducing training requirements and expenses. What is your organization doing to improve app productivity?

Learn how to digitally transform your company in my newest book, “Mobile Strategies for Business: 50 Actionable Insights to Digitally Transform your Business.”

Click here to purchase a copy of my book today and start transforming your business!

It’s Time for one Mobile Database to Rule Them All

Migrate Win32 applications using a mobile #database like FoxPro, dBase, Access and #SQL Server Compact to #SQLite across all #mobile devices.

If it weren’t for desktop databases and learning SQL, my career as a developer may never have launched. I learned dBase for DOS in college, moved on to Paradox when Windows arrived on the scene and then fell in love with Access. I want to take this moment to say “I’m sorry” to all the IT departments that watched in horror as workgroup-level Access databases spread like wildfire on NetWare, Windows for Workgroups and NT servers to take over the corporate world. Employees who weren’t developers or DBAs were empowered to build their own solutions.

When devices for the mobile enterprise arrived in the late 90s and early 2000s, new databases like Sybase SQL Anywhere and Microsoft SQL Server Compact picked up where their desktop forebears left off. These tiny relational engines brought serious business apps to life with built-in data sync with server databases. Today, platforms like iOS, Android and Windows are the biggest game in town and the only mobile database that runs on all of them is SQLite. From a pragmatic standpoint, this open source, cross-platform database with ACID (Atomicity, Consistency, Isolation, Durability) support should be your choice to give enterprise mobile data apps the broadest reach. Don’t worry about SQLite just being the database flavor of the week. It supports SQL-92 and works with most programming languages. It has a public domain license and has been around since the year 2000. It also happens to be the most widely deployed database in the world.

Improve user productivity and increase revenue by using a mobile database that works with every device and keeps your apps working with or without connectivity. Which desktop, mobile or embedded databases are you currently using?

Keep your Mobile Data Safe when Apps Talk to Each Other

Convert Win32 applications using local interprocess communications (IPC) to #mobile #apps that securely send #data to each other via contracts.

In the 90s, platforms and programming languages allowed developers to call functions that were increasingly farther away from the calling code. Calling into subroutines gave way to instantiating classes to call functions. Calling exported functions in separate C DLLs gave way to using Object Linking and Embedding (OLE) to call functions in separate programs. You could even embed the UI of a different program like Excel inside your app.

Developers went nuts with this stuff and started calling functions or passing messages to other local apps using Named Pipes, Mailslots, shared databases, TCP, UDP, message queues and shared files. On Windows Mobile, point-to-point queues were used with multiple executables to get around app memory limits. The problem with IPC is that security took a back seat and apps were just asking to be hacked as they listened for incoming connections like little web servers.

Today’s modern mobile platforms don’t allow this. Platforms require things like contracts, intents and extensions. They declare API interactions and what information can be shared between two apps as well as the files they can open. Users are prompted to give their permission to this type of interaction between apps which prevents data leakage at the device edge.

Reduce risk to your business by migrating your apps to a more secure method of data sharing between app sandboxes. What is your organization doing to secure app data sharing?

Make your Apps More Personal and Contextual or Risk Losing Customers

Awaken those one-dimensional, client/server applications to all the #sensors found on #mobile devices that make them richly personal.

The desktop apps of the 90s could really only sense mouse clicks. While they could communicate over dial-up modems, those apps were unable to discern the world around them until smartphones arrived and became the most personal computing platform ever. Sensors helped make smartphones disruptive and they will do the same for all the apps you’re migrating:

  • Barometer: Apps can detect elevation or changing weather conditions
  • Camera: Apps can take photos, videos, scan 2D/3D barcodes and authenticate via facial recognition
  • Microphone: Apps can respond to commands via Apple Siri, Microsoft Cortana, or Google Now
  • Accelerometer: Apps can measure steps, switch from portrait to landscape, respond to device position, and control in-app, game or drone behavior
  • Magnetometer/Compass: Apps know direction
  • Gyroscope: Apps can detect movement
  • GPS: Apps know where you are and how to get you where you’re going with maps
  • Proximity: Apps change behavior when your phone is close to something
  • Bluetooth: Apps can pair with other devices, stream audio and respond to beacons
  • Wireless radios: Apps can connect to anything
  • Fingerprint scanner: Apps can authenticate users biometrically and authorize purchases

Improve user experience by taking advantage of sensors that help employees and customers complete tasks more quickly. What is your company doing to enrich its mobile apps?