Afero Blog

Security at Birth – in the Factory

Storing security keys in flash memory is never a good idea. It becomes trivial to extract them and one of the best places to do that is in the factory where devices are made. A malicious actor could build up a database of every device you make and then use it at a later date to clone any IoT device on your network, at will. Even if the contract manufacturer is not skimming credentials, a 3rd-party actor could do it by compromising the factory machines. It may not happen today, but as soon as your IoT system becomes popular it will be a target and you will never know if it has been compromised in this way.

How can you prevent this? One could institute factory audits and attempt to lock down programming machines to keep them free of malware, or you could avoid the whole problem and not store keys in flash memory at all. This is what Afero does – we use a pre-programmed Hardware Security Module that cannot be read or cloned. This gives you confidence that your IOT devices are not compromised in your supply chain and will have a long, secure lifetime ahead of them.

Ben Gibbs

Ben Gibbs has over 20 years experience in the wireless and communication industry from product management to engineering to project manager. Prior to Afero, he worked at Qualcomm leading WiFi Access Point developer products as well as wearable display product line. He also held technical positions at Sharp Labs, Intel, Qualcomm, GEC Marconi and Mitsubishi. In addition to being fluent in Japanese, he is the organizer of the Silicon Valley Minecraft Meetup - a group for developers and parents of Minecraft players.