Security Update June 2020
Last week the NVD (National Vulnerabilities Database) was updated with 19 new vulnerabilities affecting IoT devices.
Specifically, the ICS-Cert advisory for vulnerabilities in the TCP/IP stack used by some IoT devices, highlight important aspects of design and function of security devices. Sera4 products are not vulnerable to any of these attack vectors.
Security by Design
Our locks and controllers use the Teleporte Embedded software stack, which:
- does not include a TCP/IP stack,
- includes the capacity to perform software updates, and
- is regularly tested, maintained, and updated.
As a part of Security by Design, it’s important to limit the number of software and libraries used in developing a service. Some vendors may include a TCP/IP stack or services simply because the device’s operating system includes those features. Teleporte Embedded integrates only components that it strictly requires.
Equally, it is important that IoT devices are maintained and can be updated (in the field after entering service) to ensure security certificates don’t expire, and devices are left without security or support.
Teleporte is actively maintained, with regular updates to features and capabilities – the mobile application and lock software are always improving.
Keeping these in mind, rest assured that Sera4 leads the way in innovation and security for your critical application. To learn more about Sera4’s security innovations, contact us. We’d love to talk with you.