[CaseClosed] Securing the IoT

The IoT is not exactly known for its positive impact on the web from a security standpoint. By its very nature the IoT seeds the Internet with millions of devices, devices that are often neglected by their manufacturer almost as soon as they leave the shop, and sometimes even before. Weak and hard-coded default passwords, open ports with exposed services and unpatched software not only risk leaking personal information from sensors and devices in homes, schools, offices and public spaces. Often, the blatant disregard for security also allows the devices to be completely owned by malware and added to botnets that in turn leverage the millions of devices to wreak havoc on other connected infrastructure. It is no exaggeration to call this a big security risk for our connected societies.

So, how can this be addressed? The entire point of these devices is for them to always be available and connected, so taking them offline is not really an option. A new and exciting VPN technology might hold the answer. WireGuard is, in its own words, fast, modern and secure. We will not go into detail on how WireGuard functions, nor how it is set up. Know only that it is much simpler than the technologies it tries to replace. And in this simplicity lies its strength.

In our smart travel suitcase we have made WireGuard an essential part of our architecture. As can be seen above, all networked communication passes through the VPN tunnel. In fact, our smart device(s) do no communication whatsoever except with our server, with the traffic being authorized and secured by WireGuard's public- and private-key cryptography. This means that unless a party has been explicitly added to the VPN network, all attempts to communicate with or connect to our devices will simply be met with silence, as if the device doesn't even exist.
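The layout described above (one peer, the server, and every route sent into the tunnel) can be checked mechanically on a device's WireGuard configuration. The following is an added example, not the project's own code; the sample config, its keys, addresses and endpoint are constructed placeholders, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample wg-quick config for the device; keys, addresses and
# the endpoint are placeholders, not values from the project.
DEVICE_CONF = """\
[Interface]
PrivateKey = <device-private-key>
Address = 10.8.0.2/32

[Peer]
PublicKey = <server-public-key>
Endpoint = vpn.example.org:51820
AllowedIPs = 0.0.0.0/0, ::/0
PersistentKeepalive = 25
"""

def parse_sections(text):
    """Return a list of (section_name, {key: value}); [Peer] may repeat."""
    sections = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            sections.append((line[1:-1].lower(), {}))
        elif "=" in line and sections:
            key, value = line.split("=", 1)
            sections[-1][1][key.strip().lower()] = value.strip()
    return sections

def audit_device(text):
    """List deviations from the 'device talks only to the server' layout."""
    findings = []
    sections = parse_sections(text)
    peers = [kv for name, kv in sections if name == "peer"]
    if len(peers) != 1:
        findings.append(f"expected exactly one peer (the server), found {len(peers)}")
    for peer in peers:
        nets = [ipaddress.ip_network(n.strip(), strict=False)
                for n in peer.get("allowedips", "").split(",") if n.strip()]
        for version, default in ((4, "0.0.0.0/0"), (6, "::/0")):
            if not any(n.version == version and n.prefixlen == 0 for n in nets):
                findings.append(f"AllowedIPs lacks {default}; IPv{version} can bypass the tunnel")
        if "endpoint" not in peer:
            findings.append("peer has no Endpoint; device cannot reach the server")
    return findings
```

`audit_device(DEVICE_CONF)` returns an empty list for the full-tunnel sample; a split-tunnel `AllowedIPs` or a second `[Peer]` section shows up as a finding.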

This then gives us the benefit of being thoroughly secured, with all traffic passing through our central server. This way we do not care if our roaming suitcase communicates over unsecured Wi-Fi, dictator-controlled 5G or even a wet string: all traffic will be securely encrypted. In addition, communication between devices, and between a device and a control unit such as a smartphone or a laptop showing a control panel, is as simple as if the two were behind the same NATed router, anywhere in the world. No need to proxy all data through a manufacturer that may or may not snoop on the data, or even shut down its servers. That's pretty convenient.

We’re not saying we just solved IoT security for the whole world, but we’ve come pretty damn close.

Applying for: Force field
