Five factors to secure IoT devices from hackers

  • June 18, 2024
  • Steve Rogerson

To protect IoT devices and industrial control systems (ICSs) from hackers, California-based iValt is securing human access through the use of five factors of identity to ensure credentials can only be used by the authorised person.

This is in response to escalating attacks globally. For example, Rockwell Automation recently advised customers to disconnect all ICSs from the internet. Most hacking success for these applications is due to the theft of authorised credentials or companies simply not changing default passwords.

Remote access over the internet using virtual network computing (VNC) is especially vulnerable, particularly when hackers gain access to human-machine interface systems that control devices.

The iValt One-Click to Zero Trust (trust nothing, verify everything) offering uses more than five factors to verify identity: biometrics, device ID, geofencing and time windowing, unique application IDs, and dynamic variables. An employee’s mobile phone number serves as the user ID, and there is no need for passwords or six-digit verification codes.

This can support employees with differing login workflows, create a customisable experience based on the needs of the enterprise, and offer device-to-device authentication. Integrating the offerings into existing infrastructure takes only hours, not days or weeks.

“You shouldn’t have to choose between securing your business and giving employees the access they need to get their work done,” said iValt CEO Baldev Krishan. “Proper device management and security updates, coupled with iValt’s identity verification, will greatly reduce these attacks and prevent identity impersonations from gaining access. IValt can also prevent social engineering and deepfake attacks from hackers calling in and impersonating authorised users to gain access to information, initiate actions or steal credentials.”

The company has been working with the Twain Working Group (twain.org) to devise the security it needs. The group is a not-for-profit organisation representing the imaging industry. Twain’s purpose is to provide and foster a universal public standard that links applications and image acquisition devices.

“The Twain Working Group takes information security very seriously, especially in our Twain Direct and ISO PDF Raster technologies,” said the group’s chairperson Joseph Odore. “We are extremely excited to have iValt closely engaged with the TWG and its member companies, guiding us on the technologies required to achieve the highest level of security for network-attached IoT document scanners and multifunction devices. Some of the interesting use cases include multi-factor authentication, identity verification, geofencing and dynamic passwords adhering to the latest Nist standard of the US Cyber Trust Mark regulation or a similar regulation with the Product Security & Telecommunications Infrastructure (PTSI) Act passed in 2022 by the UK government. Overall, there are many different ways that iValt helps ensure IoT devices are secure endpoints.”

IValt (ivalt.com) was founded by Baldev Krishan and Brian Stout in Silicon Valley in 2019 with the mission of enabling mobile-based biometric authentication for any application, at any time and from anywhere.