LIVE FROM GSMA MOBILE 360 SERIES – PRIVACY & SECURITY: Telefonica highlighted devices as the weak spot in IoT security, with the sheer number of units being deployed putting the emphasis on the network to provide protection.

Discussing the operator’s real-world experience so far, head IoT Security Vicente Segura (pictured) explained IoT devices have limited resources available, impacting the ability to build security features into the devices themselves.

IoT devices also face “limitations in terms of power, processing and so on,” he noted. As a result, he added, “the network can help a lot”.

Segura explained device authentication can be handled in the cloud using SIM cards: “After the bases are secure…this is a good trust anchor,” he stated.

However, authenticating devices alone is not enough to ensure IoT security. Segura explained devices may still be subject to attack, either physically or remotely, and the configuration of the unit changed: “The device can start to do strange things” which impacts operator networks.

Detection systems are, therefore, key to IoT security. Segura explained in-depth investigations of anomalies can only begin once the network detects a problem. While in the case of a smart meter, such detection is relatively straightforward (it sends the same types of information at regular intervals), the large number of IoT devices and use cases mean operators must develop methods to simplify the process of detecting errors across a vast range of IoT devices.

Segura said getting “information from the network” enables operators to “create profiles of devices” to ease the task of detecting anomalous behaviour.