What can digital locks teach us about IoT failure modes?
Veterans of the security or IoT industries will be familiar with the humble digital lock – but thinking about this kind of established smart technology provides a valuable window into the complex and fickle challenges of risk, security, and failure modes in the wider world of IoT devices.
Locks and keys in a digital world
With the use of digital locks becoming more widespread across multiple industries, we felt it would be good to reflect on the subject and illustrate some of the twists and turns of IoT failure modes. This will help IoT device makers to think about unexpected (and sometimes challenging) consequences and issues, and then plan accordingly.
Locks, in their mechanical, non-smart form, have been around for thousands of years, securing the valuables of ancient Assyrians, high-status Romans, and pioneers of the Industrial Revolution alike with increasing degrees of sophistication.
Given this history of ever-advancing refinement for locks and keys, it’s no surprise that digital locks have seen swift and widespread adoption across a wealth of hotels, offices, prisons, and almost any other context in which a secure environment is of paramount importance.
After all, this latest step in the history of the lock allows organisations like hotels to manage large-scale locking processes with ease, providing access to rooms or invalidating their use at the touch of a button. The same can be said of AirBnB hosts. They benefit greatly from a smart solution to the problem of strange guests walking off with their keys.
Each of these advantages, however, comes hand-in-hand with the same significant caveat.
Unlike their ancient Assyrian counterparts, today’s digital lock manufacturers are faced with a tricky but unavoidable question. In one form or another, this needs to be confronted in any manifestation of smart tech: what should happen when their lock fails?
How should locks fail?
Again, this isn’t a question that needed to raise its head in previous millennia. Traditional locks are steeped, as the phrase suggests, in tradition; we know how to make them; and they rarely fail.
IoT locks, by contrast, extract a heavy price for their convenient features and stylish effect: they can stop working.
There might be any number of causes for their failure, from power outages or damage to deliberate and malicious actions, but the end result is the same – the lock will stop responding to its corresponding key.
Of course, it’s a requirement for IoT devices to have a backup plan in place if they fail – but locks are an illustrative example of how tricky it can be to decide on an appropriate failure mode.
Or, to put it another way: should the lock open or close if there’s a power outage?
Depending on your circumstances, your answer to this question will vary. Those stuck in a burning building, for example, might have a slight difference of opinion to those whose house is about to be burgled.
Safety versus resilience
Failing to pay attention to the tricky, failure-based aspects of IoT often has striking implications – at least anecdotally – in the context of automotive smart locks.
According to one such anecdote, a well-known car manufacturer decided to demonstrate the power of their advanced locks by inviting a car thief to try and break into the latest model.
The expectation, of course, was that the thief would quickly get bogged down in various ineffective forms of lockpicking and break-in strategies in a triumphant display of the new lock’s potency.
In fact, the thief (or so the story goes) simply wandered to the front of the vehicle, gave it a good, hard kick, and caused the smart locks to open automatically – just as they were programmed to do in the event of a ‘collision.’
Needless to say, this was not an optimal failure mode.
Creative solutions to new vulnerabilities
The key lesson, here, is that you need to think harder when it comes to IoT security – and, if you don’t, failure modes and smart features alike can be readily abused by bad actors.
In fact, automotive locks are a prime example of how smart locks (and, by extension, IoT devices more broadly) benefit from a more comprehensive and creative approach to their security.
Keyless entry/digital key fobs are by far the most prominent cause of car theft today. Enterprising hackers have been known to unlock cars whose keys are within a couple of feet of their owner’s front door: with the right receiver and repeater devices, a key nestled safely in its owner’s hallway can be tricked into unlocking their car at a distance.
There are also well-documented cases of replay attacks where the hacker captures the key being sent to the vehicle. Due to a failure to implement a time-based random number generator, the digital key can be sent or “replayed” by the hacker at a time of their choosing to unlock the vehicle.
This might sound outlandish, but according to firms like LV= General Insurance, keyless car technology has been driving a “significant increase” in car theft. This is supported by Upstream’s “Security-Global Automotive Cybersecurity Report 2021”, which revealed that 26% of vehicle hacks are against keyless entry/key fobs.
The next generation of keys is finding new and innovative ways to respond to this issue, for example by incorporating a motion detector to ensure that the key only works when its owner is walking towards their car.
Not a perfect solution, perhaps, but this is a great example of how IoT technology requires new ways of balancing security and resilience with the frictionless convenience that IoT promises.
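The replay weakness described above comes down to a receiver that cannot tell a fresh unlock frame from a recorded one. The following is an added example, not code from the original article or from any manufacturer, contrasting a fixed-code receiver with one that checks freshness. It substitutes a monotonic counter authenticated with HMAC-SHA256 for the time-based value the article mentions; the class names, WINDOW and TAG_LEN are assumptions for illustration.

```python
import hmac, hashlib, struct

WINDOW = 16   # how far ahead of the last counter the vehicle accepts (assumed value)
TAG_LEN = 8   # truncated HMAC-SHA256 tag length in bytes (assumed value)

class Fob:
    """Hypothetical key fob: every button press emits a fresh authenticated frame."""
    def __init__(self, key: bytes):
        self.key, self.counter = key, 0
    def press(self) -> bytes:
        self.counter += 1
        body = struct.pack(">I", self.counter)
        tag = hmac.new(self.key, body, hashlib.sha256).digest()[:TAG_LEN]
        return body + tag

class StaticReceiver:
    """Weak design: unlocks on any frame equal to a fixed code, so a recording works forever."""
    def __init__(self, code: bytes):
        self.code = code
    def unlock(self, frame: bytes) -> bool:
        return hmac.compare_digest(frame, self.code)

class RollingReceiver:
    """Hardened design: the frame must verify AND carry a counter newer than the last accepted."""
    def __init__(self, key: bytes):
        self.key, self.last = key, 0
    def unlock(self, frame: bytes) -> bool:
        if len(frame) != 4 + TAG_LEN:
            return False
        body, tag = frame[:4], frame[4:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, expected):
            return False                      # forged or corrupted frame
        (counter,) = struct.unpack(">I", body)
        if not (self.last < counter <= self.last + WINDOW):
            return False                      # already used, or implausibly far ahead
        self.last = counter                   # burn this counter and every earlier one
        return True

def demo() -> dict:
    key = bytes(range(32))                    # constructed sample key, not a real secret
    fob, car = Fob(key), RollingReceiver(key)
    captured = fob.press()                    # the frame an eavesdropper could record
    static = StaticReceiver(captured)
    return {
        "static_first": static.unlock(captured), "static_replay": static.unlock(captured),
        "rolling_first": car.unlock(captured), "rolling_replay": car.unlock(captured),
        "rolling_next": car.unlock(fob.press()),
    }
```

A freshness check like this addresses replay only; it does not stop the relay case described earlier, where a live frame from the real key is forwarded to the car in real time.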
A problem of scale
It’s important to remember that – without wishing to sound too dramatic – the stakes involved in securing IoT devices like smart locks are potentially high.
After all, for some hackers, there may be little distinction between unlocking one smart car through, say, an abuse of failure modes or app-based vulnerabilities, and unlocking every car of the same manufacture in a given city.
Or, to continue pulling at the thread of smart locks, it may be a simple matter for failure to encompass not just one lock in a hotel – or a prison – but every single lock in the building, with all the risks and concerns that this kind of mass unlocking implies.
This concern isn’t limited to locks; it applies to any kind of IoT device that’s used on an enterprise-wide basis. In these instances, it’s vital to think about the scalable possibilities of abuse or disruption.
How Trustonic can help
Well-versed in both automotive and IoT cybersecurity, Trustonic offers a robust solution to the complex and ever-changing nature of smart tech vulnerability through its Trusted Execution Environment (TEE).
By providing a secure environment for executing code, Trustonic ensures that everything that falls within the purview of its TEE – assets, code, and the foundational operating system (OS) on which everything is built – can be trusted.
This means that the physical, hardware TEE is entirely separate from all other aspects of the device, providing valuable isolation between trusted assets and the rest of the host device and ensuring that the executing code and assets are free from interference of any kind.
Trustonic’s TEE – named Kinibi – is certified at an industry-leading standard. In a world of increasing regulatory oversight and creative new forms of hacking and disruption, this high standard of trust and quality has never been more appealing.