As offices and workspaces are getting more and more IoT-enabled, the number of beacon deployments is growing, too. Offices use beacons for energy management, keyless access control systems and employer tracking services to gather contextual data. A common truth about IoT applied in offices is that it is often planned without consideration for security issues. A common assumption is that since the data is stored in the cloud, it remains safe. Well, while your cloud may be unhackable and your app fully encrypted, even the most secure software isn’t secure enough when the hardware is vulnerable.
IoT hardware needs a number of things to succeed: first of all, it needs to work. Secondly, as discussed on TechCrunch, it needs security to ensure that it is working as designed.
Let’s make it clear: this is true for any IoT technology, whether it’s beacons, NFC, RFID, or other connected devices. If you’re gathering sensitive data or enabling features reserved only for your employees, you need secure infrastructure to protect the data. If not, the results may be disastrous.
The scope of this article will be focused only on beacons, but these same questions apply no matter what you’ve deployed. To help you avoid some of the common IoT security pitfalls, here are some issues you should consider before installing a beacon fleet.
1. How do you configure and communicate with your beacons?
Despite the recent hype around IoT security, some beacon manufacturers still ship beacons that have no security of any kind. This is disastrous because the beacons can be easily reconfigured without authentication. Anyone could simply take a beacon off the wall and change its settings, with no need to find out the password or circumvent security. If you prioritize the security of your space and environment, avoid using such beacon hardware at all costs.
The comforting fact is that most beacon makers, at the very least, require the administrator to enter a password to administer a beacon. It’s a better solution than no password at all, but it isn’t fully secure. By default, beacons broadcast their signal “in the clear” (which means communication between the beacon and the device which manages it is not encrypted). This makes it relatively simple for anyone to put a BLE scanning device, such as a smartphone or a purpose-built device, near a beacon and eavesdrop on your communications with your beacons to discover your password. Armed with the password, they can connect to your beacon and reconfigure it, even going so far as to change the password.
The only way to prevent hijacking is to fully encrypt the communication so there’s no need to send passwords over the air. Instead, you queue new updates directly in the cloud. Once any smartphone with your app installed enters the beacon’s range, it automatically sends the encrypted updates directly to the beacon without understanding what’s in the packet. It’s easy, seamless, and 100% secure.
Does your potential beacon manufacturer allow you to encrypt the communication? Are your new updates broadcast securely? Make sure to thoroughly research this before making any purchase.
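An added example (not code from this article or from any beacon vendor) of the cloud-queued update idea above: the cloud seals each update with a per-beacon key, the phone forwards the blob unchanged, and the beacon checks it, so no password crosses the air and a sniffed packet cannot be reused. It covers authentication and replay protection only (hiding the contents from the relay would additionally need an authenticated cipher); `seal_update`, `Beacon`, the counter field and the packet layout are assumptions.

```python
import hashlib
import hmac
import json
import struct

TAG_LEN = 16  # truncated HMAC-SHA256 tag (assumed length)

def seal_update(device_key, counter, settings):
    """Cloud side: authenticate settings plus a counter under the per-beacon key."""
    body = struct.pack(">I", counter) + json.dumps(settings, sort_keys=True).encode()
    tag = hmac.new(device_key, body, hashlib.sha256).digest()[:TAG_LEN]
    return body + tag  # opaque blob the phone forwards unchanged

class Beacon:
    """Hypothetical beacon-side logic, holding the same per-device key."""

    def __init__(self, device_key, settings):
        self._key = device_key
        self.settings = dict(settings)
        self.last_counter = 0

    def apply(self, packet):
        """Accept an update only if the tag verifies and the counter is fresh."""
        if len(packet) <= 4 + TAG_LEN:
            return False
        body, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
        expected = hmac.new(self._key, body, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, expected):
            return False  # forged or modified in transit
        counter = struct.unpack(">I", body[:4])[0]
        if counter <= self.last_counter:
            return False  # replay of a previously captured packet
        self.settings.update(json.loads(body[4:]))
        self.last_counter = counter
        return True

if __name__ == "__main__":
    key = bytes(range(16))  # constructed sample key
    beacon = Beacon(key, {"tx_power": -12})
    packet = seal_update(key, 1, {"tx_power": -4})
    print(beacon.apply(packet), beacon.settings)  # first delivery
    print(beacon.apply(packet))                   # same packet sent again
```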
2. Is it possible to shuffle beacon identifiers?
If a malicious party grabbed your beacons’ Majors, Minors, UUIDs, and MAC addresses, they could spoof your fleet by placing your beacons’ identifiers into their own infrastructure. As a result, your app would treat the clones as authorised devices, and the hackers could trigger their own actions and gather your users’ data without your consent.
In the worst scenario—when your beacons broadcast the same identifiers over and over again—the hackers could be taking advantage of your fleet and you wouldn’t even notice. This is why some manufacturers shuffle what your beacons broadcast randomly, changing the information daily or weekly so that hackers can’t use the previously grabbed identifiers to access your network infrastructure.
The problem is that you usually get a very limited number of combinations. What does this mean? Once a beacon has used all of them, it starts broadcasting them again from the beginning. If a hacker grabbed them all, he or she could easily predict when they’re about to change and adjust his or her programs accordingly.
The most efficient way to protect your beacons against spoofing is to have a nearly unlimited number of identifying combinations which shuffle on a random basis, so your beacon settings at a given time are unique and nobody can predict when they change again.
If you plan to gather data, spoofing is the most serious threat to your beacon infrastructure. Make sure to find out if the beacons you’ve chosen can deal with spoofing. Ask your manufacturer about their solution. Can you shuffle? How many combinations are there? How often can shuffling happen?
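An added example (not from this article or any vendor) contrasting the two shuffling schemes described above: a short pool that wraps around, and identifiers derived from a per-beacon secret and the current time window, which the backend recomputes to reject identifiers captured earlier. The key-derivation scheme, the rotation period and all names (`rotating_id`, `pooled_id`, `resolve`) are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

ROTATION_SECONDS = 600  # assumed rotation period

def rotating_id(key, now):
    """(major, minor) for the time window containing `now`, derived from a secret key."""
    window = now // ROTATION_SECONDS
    digest = hmac.new(key, struct.pack(">Q", window), hashlib.sha256).digest()
    return struct.unpack(">HH", digest[:4])

def pooled_id(pool, now):
    """Weak scheme: a short fixed list that restarts from the beginning."""
    return pool[(now // ROTATION_SECONDS) % len(pool)]

def resolve(fleet, seen, now, skew_windows=1):
    """Backend check: name of the beacon whose key yields `seen` for the
    current window (allowing some clock drift), or None for anything else."""
    for name, key in fleet.items():
        for delta in range(-skew_windows, skew_windows + 1):
            if rotating_id(key, now + delta * ROTATION_SECONDS) == seen:
                return name
    return None

if __name__ == "__main__":
    fleet = {"lobby": bytes(range(16))}  # constructed sample key
    t0 = 1_700_000_000                   # constructed timestamp
    captured = rotating_id(fleet["lobby"], t0)
    print(resolve(fleet, captured, t0))         # fresh broadcast
    print(resolve(fleet, captured, t0 + 3600))  # same value replayed an hour later

    pool = [(1, 1), (1, 2), (1, 3)]      # constructed three-entry pool
    later = t0 + len(pool) * ROTATION_SECONDS
    print(pooled_id(pool, t0) == pooled_id(pool, later))  # pool has wrapped around
```

With only 32 bits of major and minor, distinct beacons can occasionally collide in a large fleet; a real deployment would use a wider identifier field.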
3. Is the beacon memory protected in any way?
Finally, ask your beacon provider what would happen if someone tried to physically probe the beacon memory. Would he or she succeed? How is the chip protected?
This is important because you want to make sure your beacons have the ability to wipe out the memory as soon as someone tries to access it. If the memory is directly readable, all of the work you’ve put into security so far may be for naught. The hackers can read the device passwords and encrypted communication keys off your hardware, and all of the cloud security you invested in would become worthless.
Your office is the heart of your company and you certainly don’t want to let unwanted parties in. So do the research, ask questions, and double check if a selected vendor is able to keep your confidential data private and secure.
Be prepared to ask more questions if new issues arise—remember that there are as many approaches and solutions to beacon security as there are beacon providers. Pick one that protects you and your office data best.