IoT security

Tips for users and developers of IoT solutions

Making the Internet of Things safe


Secure IoT applications can exist – provided users and developers do not ignore the issue of security.


Text: Urs Binder,




The majority of devices and applications associated with the Internet of Things have not yet been designed with security in mind and some are positively riddled with dangerous weaknesses. To enable the Internet of Things to be used safely, both users and developers of IoT solutions must assign top priority to security.


Seven hints for IoT users

  1. Request secure IoT solutions from the suppliers.

  2. Take your IoT applications into account in your security strategy and risk analysis, as well as during monitoring.

  3. Primarily use IoT devices that enable authentication through the use of certificates and strong passwords.

  4. Operate your IoT applications within a network segment that has special protection.

  5. Activate any available endpoint security options that are available on your IoT devices.

  6. It is essential that you modify the factory settings for passwords and keys.

  7. Update your IoT devices regularly with the most recent firmware.



Eleven tips for IoT developers

  1. Treat security as an essential aspect while designing the solution or the product.

  2. Make it clear to the customers which data will be collected and how they will be protected.

  3. Integrate security measures at all levels of the solution (hardware, OS, communication, middleware, Cloud Services, applications, endpoint).

  4. Support the built-in security of the devices using fraud-resistant, biunique identities with the help of certificates.

  5. Use secure development methods, frameworks and platforms.

  6. Secure data traffic and data at rest using encryption.

  7. Design the devices in such a way that they are patchable and implement a secure patch mechanism.

  8. Conduct comprehensive quality assurance in order to eliminate weaknesses right from the start.

  9. Make use of the opportunities provided by modern hardware platforms (SecureBoot with TPM, hardware encryption, reporting of unauthorised accesses).

  10. Allow yourself to be supported by manufacturers and incubators – Microsoft or Breed Reply.

  11. Make use of services such as the IOT Inspector, in order to check the firmware associated with your IoT devices for weak points.