Hubble Connected IoT Security
Baby monitors, as IoT devices, have evolved over the years with new and cutting-edge innovations and have become an essential tool for every parent to keep an eye on their little ones. As the connected IoT domain has grown, with huge volumes of data flowing over the internet, threats and bad actors have continued to evolve, finding new ways to breach data security, damage reputations and cause financial loss. That is why modern customers looking for a product also pay attention to the IoT platform behind it: they want to be certain that it comes with stringent security built in from the start, with security measures that are robust, certified, governed and under constant scrutiny.
We at Hubble Connected understand that IoT security solutions are essential to doing business in today’s connected world. Without security, any business can be vulnerable to hacks and data breaches that make private information public and exploitable, threatening the well-being and reputation of the company, its customers and its business partners. As a responsible IoT platform service provider, we understand that parents and caregivers are extra cautious and concerned about their baby’s security and privacy. With a team of experienced security experts and veteran IoT specialists, we take pride in accepting the challenge and opportunity to serve the HubbleClub parents’ community with a zero-tolerance policy when it comes to maintaining security and privacy and implementing the necessary regulations and compliance standards across our end-to-end ecosystem of apps, cloud operations, and firmware and hardware engineering.
Our customers, who are generally parents and guardians, are cautious and worried about their baby’s or child’s privacy when data is transmitted over the internet, stored on cloud infrastructure and processed in the cloud. Encryption is the best way of keeping data safe and confidential as it is sent over the internet, so Hubble Connected encrypts all sensitive data anywhere within the Hubble ecosystem, whether at rest, in transit or during processing. Using SSL/TLS certificates, visible as the “https” protocol, helps us ensure that users’ data in transit remains protected and uncompromised. The security of SSL is based on the certificates’ “Chain of Trust”, which can be hijacked with malicious certificates. An extra layer of security in the form of SSL certificate pinning helps us prevent dangerous and complex attacks: the application relies on its own stored certificates instead of relying on the certificate authority store.
There is no direct access to the internal code and functions of the Hubble IoT platform. All interactions take place through a set of secure public-facing APIs, which expose every function of the platform in a way that can be used with our own applications or devices.
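The certificate pinning described above can be sketched as follows. This is an added example, not Hubble's own code: the function names, the choice to pin a SHA-256 fingerprint of the whole certificate and the backup pin are assumptions, and the sample certificates are constructed byte strings.

```python
import hashlib
import hmac
import socket
import ssl
from typing import Iterable


def fingerprint(der_cert: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate, as lowercase hex."""
    return hashlib.sha256(der_cert).hexdigest()


def pin_matches(der_cert: bytes, pinned: Iterable[str]) -> bool:
    """True if the presented certificate matches any pinned fingerprint."""
    presented = fingerprint(der_cert)
    # Compare against every pin (no early exit), each in constant time.
    results = [hmac.compare_digest(presented, p.lower()) for p in pinned]
    return any(results)


def open_pinned(host: str, pinned: Iterable[str], port: int = 443) -> ssl.SSLSocket:
    """Connect with normal CA and hostname validation, then enforce the pin."""
    pins = set(pinned)
    if not pins:
        raise ValueError("refusing to connect with an empty pin set")
    ctx = ssl.create_default_context()  # chain-of-trust checks stay enabled
    sock = socket.create_connection((host, port), timeout=10)
    try:
        tls = ctx.wrap_socket(sock, server_hostname=host)
    except Exception:
        sock.close()
        raise
    der = tls.getpeercert(binary_form=True)
    if der is None or not pin_matches(der, pins):
        tls.close()  # a CA-valid but unpinned certificate is still rejected
        raise ssl.SSLError("server certificate does not match any pinned fingerprint")
    return tls


# Constructed stand-ins for DER certificates (not real certificates).
CURRENT_CERT = b"constructed-der-bytes: current server certificate"
BACKUP_CERT = b"constructed-der-bytes: backup certificate for rotation"
ROGUE_CERT = b"constructed-der-bytes: certificate issued by an unexpected CA"

# The app ships the current pin plus a backup so rotation does not lock users out.
PINS = {fingerprint(CURRENT_CERT), fingerprint(BACKUP_CERT)}
```

Pinning is applied on top of the normal chain validation, so a certificate must pass both checks before any data is sent.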
Hubble IoT supports a whole host of security standards and protocols that ensure communication with its APIs is secure and data cannot be compromised while stored or in transit between the cloud, devices and the customer’s local network. For its most critical service, live video streaming, Hubble uses a streaming solution that is certified by the National Institute of Standards and Technology’s (NIST) Cryptographic Algorithm Validation Program (CAVP).
CAVP validates that critical cryptographic algorithms are compliant with Federal Information Processing Standards (FIPS), the U.S. federal government’s standard for cryptographic software. The platform uses X509/PKI for client authentication and for initiating a secure communication channel from client to device. Devices use dynamically generated authentication (AES-128) for establishing a secure communication channel back to the initiating client. The mediation server passes the identity of the authenticated client to the device and exchanges a session key between client and device for data confidentiality.
For anybody to break this level of security, it would take around 2.61*10¹² years to decrypt the data with the right quantum computer.
Making sure Hubble IoT is secure doesn’t stop at software design and development. Our cloud hosting partners play a critical role.
All personal data, including usernames, passwords, the baby’s vitals data, motion videos, snapshots and user preferences, is stored using AES-256 encryption keys in the secure Amazon cloud, which is completely managed by AWS (the world’s #1 IaaS and PaaS provider). They help ensure that the resilience and performance of Hubble IoT meet the expectations of any mission-critical system and that the servers, storage and network devices are physically secure.
Hubble’s IoT platform has an extra layer that verifies the user’s identity before allowing access to critical resources.
Multi-factor authentication (MFA) is considered a critical component of security: the application should have another method of authentication besides the traditional one (username and password). Usernames and passwords are vulnerable to brute-force attacks and can be stolen by third parties using various methods, so Hubble uses an OTP (one-time password) based authentication process, in which the OTP is sent to the user’s email and mobile number during login. As passwords are easy to hack, OTPs are the first line of defence against potential unauthorized access.
Hubble’s platform provides more transparency about sessions (who else has logged in and when) and resource authorization. Parents can monitor, control and manage their sessions with enhanced permissions from the mobile applications, with defined permissions for guest users that specify which users are granted access and which operations they are permitted to perform on the device.
The Hubble IoT platform is enrolled in the AWS Shield Advanced program, a managed DDoS protection service that safeguards applications running on AWS, and uses AWS WAF, which helps protect our resources (websites and APIs) by monitoring and filtering out threats that pose a potential risk to them.
Continuous improvement is better than delayed perfection. While the firmware of an IP camera or any other IoT device can be updated manually, the vast distribution of IoT-enabled devices such as baby monitors in customer premises, or even connected cars, makes manual update processes unfeasible and impractical.
Improving your device’s performance without disturbing your customer or recalling your device is a pretty cool concept. Just think about it: you can do a lot of things that were impossible without OTA. Without the power to repeatedly meet customer expectations, an IoT product will quickly become obsolete. Over the years, Hubble Connected has built into its IoT framework a secure, robust and reliable over-the-air (OTA) update mechanism for any of the IoT devices it produces. This advantage helps us continuously add new features, fix security bugs and improve product behaviour, even when devices are deployed in dispersed environments.
Hubble has ensured that all firmware updates are delivered as signed and encrypted OTA files, protecting against intellectual property theft and against anyone gaining access to the system design. Hubble IoT frameworks have the flexibility to upgrade any component (kernel, rootfs and firmware app) across the firmware stack quickly when vulnerabilities are reported or discovered.
Secure Mobile App
Parents use their smartphones to view their little ones and access other connected features provided by the Hubble platform, so it is implicit that they need to feel confident while accessing the live baby video feed or storing and accessing data on the Hubble Cloud. Mobile malware causes vulnerabilities and bugs in the infrastructure and design of the application. The HubbleClub app is designed to detect and eliminate security vulnerabilities in the code, and implements application hardening measures to make it immune to reverse engineering.
Another provision we have is to block app access on rooted or jailbroken devices. Such devices may break the underlying security model of the device, so at launch the app checks its own integrity and deactivates itself when any suspicious elements are found. Hubble includes application security testing in its yearly IT budget to keep the app up to date with the latest recommended security know-how and practices.
International Standard Compliances specifies the requirements for establishing, implementing, maintaining, strengthening and continually improving an information security management system within the organization’s context against cyber threats. It also includes requirements for assessing and treating information security risks tailored to the organization’s needs. Hubble Connected’s compliance with this standard means that we maintain clear IT security controls to protect operations, hardware and employees from cyber attacks.
ISO/IEC 27017:2015 is an information security code of practice for cloud services. It’s an extension to ISO/IEC 27002:2013 and it provides additional security controls for cloud service providers and for cloud service customers. It ensures that Hubble Connected has implemented information security processes and procedures to ensure information stored in the cloud is safe and secure.
The General Data Protection Regulation (GDPR) is a European Union regulation on data protection and privacy in the EU and the European Economic Area (EEA). The GDPR is one of the most wide-ranging pieces of legislation passed by the EU. It was introduced to standardize data protection law across the single market and give people in a growing digital economy greater control over how their personal information is used. Hubble Connected is committed to protecting customers’ data to maintain their privacy. We strive to ensure compliance with GDPR and implement our information security and data protection policies. No personal data is shared with any third-party service without the user’s consent. All our technology partners are GDPR compliant.
Vulnerability Assessment and Penetration Testing
VAPT, or Vulnerability Assessment and Penetration Testing, is a testing process used to detect various kinds of security flaws in a network or a program.
Penetration testing and vulnerability assessment are two different types of vulnerability testing.
1. Vulnerability Assessment: Vulnerability assessment is the process of finding flaws in software or a network.
2. Penetration Testing: This is conducted after the first process. Here, security professionals check whether the identified vulnerability exists by exploiting the application.
Over the years, Hubble has included the VAPT exercise in its IT budget, and it is carried out periodically to evaluate the Hubble IoT platform. This has helped keep the platform and mobile applications up to date with the latest security standards and recommended practices.
Following are the key benefits:
It enables Hubble to have a comprehensive evaluation of its IoT platform and ecosystem.
It enables Hubble to understand loopholes or errors that can lead to major cyber attacks.
It enables Hubble to protect its data and systems from malicious attacks.
Final Conclusion
Our goal is to offer our customers the most secure, flexible and feature-rich connected and smart living IoT platform on the market. With the right philosophy, the right mindset and the right motivation, and by adopting recommended global practices and adhering to the best security principles and guidelines, we have blocked hackers and their abhorrent practices to minimize risks and assure the best for our business continuity. We have strongly defined security policies and standards for our product security compliance that are not just technical but aligned with both regulatory needs and the needs of our business market and industry.
Author for Hubble Connected:
Amit Kumar Sharma [Chief Technology Officer, Hubble Baby (HK) Limited]
Paresh Kanani [Associate Principal Engineer, Hubble Connected India]