This text is written by Anders Holmberg, IoT Product Manager at IAR Systems.
There's been a lot of focus on cyber security in the general sense concerning how to protect your data in a connected world, and rightly so. But the latest cause for concern is the threats to connected devices, including everything from smartphones to industrial equipment and toys.
In the end of 2015, it was revealed that toy maker VTech had suffered an attack from hackers stealing personal information of more than 6 million children. Mattel has also been in the spotlight after experts claim that the Wi-Fi-enabled Barbie can be hacked. Unfortunately there's nothing indicating that these incidents are isolated or unique for the toy market. Rather to the contrary, it seems that there's a trend in companies rushing products to the market. And if security issues are even present in the requirements specification, they are far down on the list.
So how can we cope? On way is to start taking security into account when setting the feature list of our connected devices. In this area, there's a lot to learn from the Functional Safety community – If you're to design and implement a piece of equipment or functionality that must at all times prevent damage to people or property, you start out by doing a very thorough analysis of potential risks due to a malfunctioning device. Such an analysis will result in a set of specific safety requirements. One important aspect of such requirements is that they are seldom contributing to the coolness of the product. But if they're not properly taken care of, things can go horribly wrong. The same often goes for security requirements.
As a starting point, here's a partial list of things that might need a bit of thinking:
The important thing is not to solve all security issues in the world, but rather to create a list of potential security issues that might affect your system and then consciously decide if this is something you must deal with. And you better let at least 50% of that decision be guided by long-term business considerations. Otherwise you might find yourself at the wrong end of a media frenzy or even litigation, and that can easily kill your market.