Open remote connections a risk in IoT and M2M deployment
– Tosibox offers encrypted Plug & Go remote connection solution
Remote connections are widely used in automation systems, because of the vast and growing need of remote maintenance and support. Remote connections save time and money, but too often they are too complicated to use correctly or are not secure enough. Simply, secure and easy to use solutions haven’t existed.
The area has been studied and discussed widely. For example Aalto University study shows that there are thousands of automation systems in Finnish companies and societies open to network attacks. The study evaluated 20–30% of IP-address in Finland and found 2915 open connections of which 60% had been notified publicly. Majority of the open connections were among industry and building automation systems. If these open systems were attacked the consequences to the companies and the society could be severe.
Also the Finnish Communications Regulatory Authority’s article (in Finnish) is addressing its concern of industry control systems becoming objects for cyber attacks due to being connected to the Internet. The article notes that causing damage is only one aim for the cyber attacks, the other could be industrial espionage.
In their other recent article, the Finnish Communications Regulatory Authority article (in Finnish) claims that the industrial control systems are increasing their interest as the target for the cyber attacks. The most known cyber attacks have been Sandworm (or Quedagh) and Dragonfly (or Energetic Bear and Havex).
The first reported cyber attack happened to a steel factory in Germany in December 2014 causing massive damage. When IoT and M2M deployment is spreading as fast it currently is, it is expected that incidents like this will be reported more over the next couple of years.
Tosibox has developed and patented Lock and Key concept of the Tosibox Plug & Go technology, which overcomes the deficiencies and limitations of conventional data security and M2M solutions. Tosibox solution uses commonly known PKI standards and strong authentications such as TLS, RSA and Blowfish.
Unlike other encrypted remote connection solutions, Tosibox solution is entirely operator, network and device-independent. Tosibox solution works globally in broadband and mobile networks. Furthermore, it’s not tied into any service provider.
The Tosibox solution does not require fixed or public IP addresses, firewall openings or port forwarding, which greatly reduce connection problems. For security reason there is an inbuilt firewall in the Tosibox Lock and remote access is possible by serialized Tosibox Key only.
Tosibox Lock also solves a common mobile network disconnection problem by automatic recovering. It is designed to recover the communication as soon as it detects the communication level degrading partially or fully for any reason.