Verimatrix Labs
Mar 16, 2017

October 21, 2016 was a jarring day for the citizens of the connected world. That’s because on this otherwise wholly uneventful Friday, the internet connection for most of the East coast of the United States and parts of Europe was knocked offline. Twitter, the tried and tested instant reporting platform used world-over, was down. Netflix and CNN were unresponsive and people were having difficulties placing orders on Amazon. It was a day that Sci-Fi authors foretold and technologists joked about, but it was a surreal experience to see what everyone did when “the grid went down.”

The temporary blackout caught the connected world off guard and sent up red flags throughout the security community. After all the dust had cleared and the services were restored, researchers and government bodies alike scrambled to diagnose the cause and pin down the perpetrator. It wouldn’t take long for them to discern the source of the attacks, but what their investigations found offered little in the way of comfort.

Dyn, one of the world’s largest DNS providers, was the target of a concentrated distributed-denial-of-service (DDoS) attack, disconnecting some of the largest and most trafficked sites from the internet. The culprit? A massive botnet, infected with the Mirai malware, exploiting overlooked or unaddressed internet connectivity functionality in devices. An attack of this scale would require thousands, or even millions of devices, all connected and participating in the attack, their users unaware that anything is happening. 

To pull an attack like this off, the botnet would need an army. Say, an army of baby monitors, home security cameras, printers and smart light bulbs. Luckily for the attackers, Internet of Things (IoT) manufacturers of the past had already paved the way for an attack of this magnitude when they overlooked common avenues of exploitation in favor of fast, cheap and easy to produce products.

In the aftermath of the DNS outage, manufacturers faced a difficult decision. Do they recall all legacy devices due to the insecurities within them, or do they attempt to find a way to patch/secure this network of objects? Neither option will be easy nor will it be cheap, but with the ever growing number of connected devices in homes and businesses, one or both options will necessary in the coming years. With that in mind, companies had to weigh the potential fallout versus the potential cost of recall and repair.

Conditional access providers have a pre-built framework for supporting the growing need for authentication and security to keep up with the rapidly advancing developments in rights management, home protection and integration with IoT hubs. By shouldering the burden of verification and the guarantee of a secure environment, conditional access providers can offer solutions to both sides of the consumer market when it comes to protecting the home and IoT environments. A verification and authentication platform for IoT hubs allows legacy products to coexist within the same IoT ecosystem as the newer, more security-focused devices, all without sacrificing the overall integrity of the system. In offering a third-party security platform to manage the average IoT hub, conditional access providers open the doorway to both consumers and manufacturers, allowing either party to integrate the CAS to their own environments and implement advanced security measures in the most efficient and effective manner possible.

The transition to including authentication of in-home IoT devices can be a smooth one, allowing consumers and providers alike to take advantage of the security built into a conditional access platform. Granular control paired with ease of use and peace of mind is what drives the adoption of IoT devices every day. Consumers want the best equipment that brings the most value to their daily lives and makes everything in the system “just work”. These concepts tend to overshadow the possibility of security vulnerability and even when advertised, most consumers would rather ignore the threat than attempt to wade into the complicated and sometimes costly work of upgrading and patching hardware.

By taking advantage of the pre-existing architecture and development within a conditional access system, developers are able to easily adapt and modify applications to work with both components, the CAS and IoT hubs. In addition to standard account verification, content entitlement checks and subscriber management, developers can expand the CAS application to authenticate and track attached devices to a subscriber’s account. This gives either the customer or the operator the ability to authenticate all the devices in a given system and manage the rights and access of those devices from a single organizational point. Streamlining the approval, maintenance and monitoring of all of your IoT devices clears away the confusion and hassle of individual device maintenance and decreases the entire system’s vulnerability to exploits by providing the framework for regular updates and patching as well as authentication.

When you think about it, no one wants to spend their free time troubleshooting something they purchased to make life easier and at the same time, no one wants to leave themselves vulnerable to the ever-increasing number of available attacks. The simplest solution when faced with this quagmire of desires is to let someone else do the worrying for you, and that’s where conditional access providers really shine. We’ve put in time and thought to solve the problems of securing scalable systems with myriad device types in a convenient and easy to implement manner, so it’s only a natural extension of our previously built-upon work to provide a secure, easy to use management system.