Sera4 IoT Devices: Designed With Security in Mind

We continue to see security threats affecting IoT devices. In this recent Ars Technica article, they share that a lot of these devices are exposed because they are built with old TCP/IP network stacks that use old security paradigms. That’s one of the risks in using open-source code.  And the risks are really serious – opening back-doors in otherwise secure networks for all sorts of nefarious activity. 

We want to remind people that such attacks aren’t possible on Teleporte-controlled locks. 

  • No TCP/IP stack – we aren’t vulnerable to this specific attack because we don’t use the Internet Protocol 
  • No open-source code – we have designed and implemented ALL embedded code in-house (Canada) 
  • No connectivity to customer networks – there’s no way to open a back door into your network when our devices aren’t even on the network. 

You can continue to rely on Teleporte‘s security because, from the start, we’ve incorporated a security-first approach. While IoT risks in the world are some of the most serious and difficult ones, they don’t have to be if the systems are designed with security in mind. 
 
Trust in us, as security is our #1 focus, and we’ll continue to deliver secure solutions to the market. 

How Teleporte achieves Scale, Security & Reliability

Our own Jeff Klink is interviewed by SiliconAngle at Kubecon 2020 and authored an article in InformationAge, sharing how Teleporte Cloud is designed for scale, security and reliability. Both pieces focus on Sera4’s leading transformation into a distributed microservices cloud architecture, with some recommendations for others who want to follow us.

Security Update June 2020

Last week the NVD (National Vulnerabilities Database) was updated with 19 new vulnerabilities affecting IoT devices.

Specifically, the ICS-Cert advisory for vulnerabilities in the TCP/IP stack used by some IoT devices, highlight important aspects of design and function of security devices. Sera4 products are not vulnerable to any of these attack vectors.

Security by Design

Our locks and controllers use the Teleporte Embedded software stack, which:

  • does not include a TCP/IP stack,
  • includes the capacity to perform software updates, and
  • is regularly tested, maintained, and updated.

As a part of Security by Design, it’s important to limit the number of software and libraries used in developing a service. Some vendors may include a TCP/IP stack or services simply because the device’s operating system includes those features. Teleporte Embedded integrates only components that it strictly requires.

In-Field Updates

Equally, it is important that IoT devices are maintained and can be updated (in the field after entering service) to ensure security certificates don’t expire, and devices are left without security or support.

Teleporte is actively maintained, with regular updates to features and capabilities – the mobile application and lock software are always improving.

Keeping these in mind, rest assured that Sera4 leads the way in innovation and security for your critical application. To learn more about Sera4’s security innovations, contact us. We’d love to talk with you.