FIDO Authentication for IoT Devices

Hopes to address lack of standards for device-makers

Last week, the FIDO Alliance, a group that sets security standards for online authentication, announced that it’s expanding its security standards for Internet of things (IoT) devices. Until now, manufacturers of IoT devices haven’t adhered to any particular security standard for their devices.

IoT devices are notorious for poor security as they often come with default passwords and users fail to install important security updates. Hackers have been able to take control of such connected products and use them for cyberattacks. A high-profile example is Nest cameras, which have been hacked remotely to blare out false alarms.

The FIDO Alliance was founded in 2012 and it has helped to establish standards for online verification and security without passwords. Its certification has earned the trust of companies like Google, Facebook and Microsoft. Now, the alliance’s new IoT Technical Working Group has been tasked to do the same for connected gadgets. It will be looking to take on IoT issues like default passwords and manual updates for devices.

Passwords are a well-known weak link in security and the FIDO Alliance has been striving to eliminate them everywhere. The group counts some of the biggest names in the technology world as members including, Alibaba, Amazon, Arm, Google, Intel, Microsoft and Samsung. Others include businesses that rely on the web for delivering services, such as major insurance companies, credit card providers, banks and financial services companies.

Intel is providing the initial push by contributing the technical specifications of its Secure Device Onboard, a solution for device manufacturers that it launched in 2017. Its programme allows partners and customers to automate the provisioning of IoT devices to their cloud platform of choice. Although the solution initially covered devices powered by Intel processors, it was expanded to Arm-based devices, significantly broadening the solution’s coverage in the IoT supply chain.

Over the past 18 months, there have been a number of significant initiatives aimed at improving IoT security in the business world, such as the Industrial Internet Consortium’s Security Maturity Model, which provides practitioners with a conceptual framework for assessing the appropriate level of security and a best-practice guide of the measures they should be putting in place.

IoT devices are booming in popularity, with the market expected to touch 20 billion devices by 2020, so, understandably, the FIDO Alliance is hoping to have a solution in place soon. There’s yet no timeline for when it will release the standard for IoT onboarding, but if it makes IoT more secure, it can’t come soon enough.