IoT is present in our everyday lives from buildings and manufacturing to refrigerators and baby monitors, but IoT should always come with cyber security. Unprotected networks are vulnerable to attacks and can easily be exploited, if not paid attention to.
To guarantee security, careful design and testing is required. From early on, companies should plan and prepare for security updates and incidents and know what to require from vendors and solutions.
The first ever TosiHack, an IoT security testing event took place in Turku, Finland on February 3, 2018. The hackathon was organized by Tosibox, Etteplan and TurkuSec association, who invited experienced data security investigators to compete in a testing and bug hunting challenge.
The event kicked off with a short product introduction and competition rules. The competition jury consisted of Etteplan and Tosibox company representatives, and the teams included skilled hackers from IT companies as well as information security students, all eager to get their hands on TOSIBOX® devices.
All teams were then provided with several different TOSIBOX® products and software and had seven hours to work on them. All means were allowed, including hardware debuggers and soldering irons. However, results obtained via physical tampering were not the highest priority.
The hackathon progressed in good spirit and all teams managed to report some findings and score points. Among the findings there were several useful discoveries, related not only to security but also general usability of the products.
TOSIBOX® performs at the highest security levels in the industry. It’s not a cloud service, but a direct VPN tunnel between the physical devices. Only trusted devices can access the network. The data between devices is not decrypted at any time while in transit, but always runs along its own private highway. The data cannot be accessed with passwords alone, but two factor authentication is always required. All of the users and keys are managed from a single console. So you can be sure that your network and data will remain encrypted and secure.
An event like this was a highly productive way of testing the award-winning TOSIBOX® technology and we believe that the best way to improve the IoT security is in an open manner together with the community and enthusiasts. Thank you to all the teams for their efforts, they are highly appreciated and useful for product development. We are already working on the issues that came up. And congratulations to the winning team from 2NS – Second Nature Security Oy!