Project Update #29: How Plum is Securing the Internet of Things
A message from the Plum (previously Ube) CTO, Chris Weaver, on Plum's position on security for the internet of things.
Plum, Security and the Internet of Things
The Internet is a Dangerous Place
Welcome to the wild, wild west. At any given moment, literally millions of people are trying to gain control of any device connected to the Internet. Some people do it for the challenge. Others have more sinister intent. Regardless of the motive, what’s hard to grasp is the sheer number and technical ability of those trying. This simple misjudgment of numbers lulls engineers and system designers into a “good enough” zone of comfort. Examples of decent security implementations abound, alongside stories of hackers who walked right through them all. Engineers protected. Hackers laughed.
Here’s the difficulty: software engineering is very complex. Creating an application with seemingly simple functionality takes time and significant thought. Years of hard-won experience making complicated devices function don’t translate easily into defending devices against attacks. In school and at work, we are taught to write solid code that behaves gracefully in every predictable circumstance. Getting code to work properly is hard. Getting code to work while gracefully handling unexpected inputs is REALLY hard. However, writing code that can survive intentional targeted attacks is a very different game.
The Belkin WeMo security breach is unfortunate, and we empathize with the Belkin team regarding the frustration they must be feeling. A well thought-out Internet security plan is, at best, a Hoover Dam holding off a flood of motivated techno-guerillas fighting for the opportunity to win notoriety as the one who broke the dam. Fortunately, just as there are smart ways to design strong dams, there are also smart ways to design strong Internet security.
At Plum, we’ve made security a fundamental piece of the design and development conversation from inception. We know that a collective of Internet guerillas is smarter than any one team. We also know that perfect security does not exist. Given enough time and enough resources, any lock can be picked. We also know that security is part psychology and part technology. Essentially, keeping malicious hackers out is primarily about making it harder to break in than it’s worth.
More Layers of Security Is Better
The best way to discourage an intruder is to build multiple, independent layers of security. For example, as a West Texas native, I can tell you that thorny bushes and stinging nettle won’t stop me from riding my horse through a field, but also facing thick mesquite sure is discouraging. Add in some poison ivy, and I’ll change my travel plans.
Plum is using multiple methods to keep data safe and the system secure. A multi-layered approach is more effective than having a single, or even a few, layers. Multiple, independent layers of security increase overall security by providing more barriers for potential hackers to overcome. Independent layers ensure that if one security method is compromised, the breach is limited and detected quickly. Our system is designed to halt a hacking attempt, even if one or more points of security fail. We are taking an aggressive approach to implement security to make sure your data and your devices stay in your control.
Encryption and Secure Communication
At Plum, all device-to-server communication uses cryptographic protocols much like those browsers use when communicating with banks and other high-security web sites. All data transferred between devices and our servers is encrypted using strong encryption methods. Additionally, we authenticate our servers using several methods to ensure that the server we think we are talking to is, indeed, our trusted server.
Engaging the Experts
We believe in consulting with Internet security experts and recognized leaders to ensure we are on the right path when it comes to security. Thus, we are assembling a Security Advisory Board that will verify that we have the best possible security plan in place well before we ship our first units.
Engaging the Crowd
Because we believe that the population of Internet prowlers is very large, we want to learn from them. Thus, we will host hack-a-thons where individuals will have the opportunity (in a controlled environment!) to hack into our devices. Those who succeed and share their methods with us will be paid a bounty and enjoy Plum-sponsored notoriety. With each hack-a-thon, we will learn more about how the security world is evolving, allowing us to adapt our strategy for keeping our system safe and secure.
We at Plum take security very seriously. Our platform will be among the most secure on the market. We already have a great design. We’re gathering the right team and will be testing and hardening our system through rigorous pounding. We have one clear goal – to keep your data and your devices safe!