Free Trials

Download a free trial to find out which Altium software best suits your needs

How to Buy

Contact your local sales office to get started on improving your design environment

Downloads

Download the latest in PCB design and EDA software

  • PCB DESIGN SOFTWARE
  • Altium Designer

    Complete Environment for Schematic + Layout

  • CircuitStudio

    Entry Level, Professional PCB Design Tool

  • CircuitMaker

    Community Based PCB Design Tool

  • NEXUS

    Agile PCB Design For Teams

  • CLOUD PLATFORM
  • Altium 365

    Connecting PCB Design to the Manufacturing Floor

  • COMPONENT MANAGEMENT
  • Altium Concord Pro

    Complete Solution for Library Management

  • Octopart

    Extensive, Easy-to-Use Component Database

  • PRODUCT EXTENSIONS
  • PDN Analyzer

    Natural and Effortless Power Distribution Network Analysis

  • See All Extensions
  • EMBEDDED
  • TASKING

    World-Renowned Technology for Embedded Systems Development

  • TRAININGS
  • Live Courses

    Learn best practices with instructional training available worldwide

  • On-Demand Courses

    Gain comprehensive knowledge without leaving your home or office

  • ONLINE VIEWER
  • A365 Viewer

    View & Share electronic designs in your browser

  • Altium Designer 20

    The most powerful, modern and easy-to-use PCB design tool for professional use

    ALTIUMLIVE

    Annual PCB Design Summit

    • Forum

      Where Altium users and enthusiasts can interact with each other

    • Blog

      Our blog about things that interest us and hopefully you too

    • Ideas

      Submit ideas and vote for new features you want in Altium tools

    • Bug Crunch

      Help make the software better by submitting bugs and voting on what's important

    • Wall

      A stream of events on AltiumLive you follow by participating in or subscribing to

    • Beta Program

      Information about participating in our Beta program and getting early access to Altium tools

    All Resources

    Explore the latest content from blog posts to social media and technical white papers gathered together for your convenience

    Downloads

    Take a look at what download options are available to best suit your needs

    How to Buy

    Contact your local sales office to get started improving your design environment

    • Documentation

      The documentation area is where you can find extensive, versioned information about our software online, for free.

    • Training & Events

      View the schedule and register for training events all around the world and online

    • Design Content

      Browse our vast library of free design content including components, templates and reference designs

    • Webinars

      Attend a live webinar online or get instant access to our on demand series of webinars

    • Support

      Get your questions answered with our variety of direct support and self-service options

    • Technical Papers

      Stay up to date with the latest technology and industry trends with our complete collection of technical white papers.

    • Video Library

      Quick and to-the-point video tutorials to get you started with Altium Designer

    Internet of Things Security Best Practices: Passwords, Patches, and Portals

    November 27, 2017

    Evil hacker at work

    If you’ve ever created devices for military applications you’re probably used to designing with security in mind. If you’re more like me, and just build the odd Internet of Things (IoT) doodad, that’s probably the last thing on your mind. However, recent cyber attacks are highlighting why engineers like us should be a little more concerned with security. These design best practices will show you how you can safeguard your systems.

    Why Secure the IoT?

    On the face of it, most IoT devices seem harmless. Now, though, even the most innocuous gadgets can become a weapon in the hands of a hacker. These malicious programmers can use malware to infect poorly secured devices and add them to massive botnets. Botnets are then used to perform distributed denial-of-service (DDoS) attacks, which can take down web services.

    Hackers don’t need a sophisticated computer to perform a DDoS assault. They just need a device that connects to the Internet. Interestingly, IoT devices make up a huge portion of these botnets, because most have poor security. The Mirai botnet, which took down some DNS services in 2016, used thousands of Internet-connected cameras and DVRs. If you don’t want your inventions to end up as a soldier in some hacker’s computer army, you should implement a few safety measures.

    Zombies attack

    Botnets, or zombie armies, take down web services with DDoS attacks.

    No Hard-Coded Passwords

    If you design embedded systems, you’ve probably used a hard-coded password before. Depending on your software architecture, putting passwords in read-only memory is sometimes the most straightforward choice. Unfortunately, it’s also dangerous.

    In the realm of industrial IoT, many supervisory control and data acquisition (SCADA) systems have hard-coded passwords. This presents a huge risk, as these systems often control things like power plants and energy infrastructure. In fact, in 2010, hackers were able to attack one of Iran’s nuclear facilities because they knew some of the passwords that were hard-coded into the equipment. If you’re designing an IoT device for a critical system, like a power plant or a self-driving car, you need to let the user change the password. Otherwise, the results could be devastating—even deadly.

    Even if you’re just designing light bulbs, you should still allow users to change passwords. Many of the IoT devices in the Mirai botnet had hard-coded passwords. Since these things are being made en masse, a hacker can take over thousands of devices simply because they know one password.

    123456 password written on a sticky note

    Hard-coded passwords make devices easy targets.

    Enable Patching

    Even if you rigorously test your device in-house and think you have covered every base, vulnerabilities will be discovered in the field. If you can’t patch, update the code for your device over the air, or make patches available to users, your gizmo could be a sitting duck.

    There’s currently no financial incentive to build your device so that it can be patched, though in the future there might be. The US Senate recently introduced legislation that gives designers guidelines on how to make our devices more secure. One of their requirements is that IoT systems be patchable. If we’re going to have to design for this in the future, we may as well do so now.

    Use a Gateway

    Up until now, many IoT devices were designed to connect directly to the Internet or to a user’s computer or phone. As the IoT grows, this method is untenable for multiple reasons, including complexity, increased processing, and—most importantly—poor security.

    When thinking about cybersecurity and the IoT we need to consider the “attack surface.” In a large, low-power wide-area IoT network you may have thousands of devices or sensors connected. If they’re all connected directly to the internet, you will have an enormous attack surface, and a hacker could gain access to the network through any one of those devices. Using an IoT gateway can help you consolidate security and present a smaller target to potential intruders.

    A gateway acts as a communication node for an IoT network or system. Usually, these will be able to connect to devices using a variety of standard protocols, like Bluetooth, and may have some onboard processing. Since most or all information is routed through the gateway to the Internet, it presents a smaller target than thousands of different devices. Then you can focus on securing a handful of portals instead of an army of sensors and other gadgets.

    The Internet of Things will certainly be an amazing tool for societies around the world, but it is also becoming a dangerous weapon. Poor security features have allowed hackers to attack critical infrastructure and co-opt devices into massive botnets for online assaults. As a designer, you can help mitigate this threat by allowing users to change device passwords, making your products patchable, and integrating your devices with IoT gateways.

    Admittedly, you have many things on your plate, and these fixes aren’t always easy to implement. That’s why you should think about using PCB design software like CircuitStudio® . It has a host of tools that were created to help you during design.

    Have more questions about IoT security? Call an expert at Altium.

    most recent articles

    Back to Home