Ahi Consulting
CyberSecurity & BlockChain

IoT and Mobile Device Security

2. IoT and Mobile Device Security

The openness of these platforms offers great opportunities to all parts of the Mobile Eco-System. However, with this openness comes unrestricted access to other mobile resources directly or through APIs by applications of trusted and untrusted origin, which could result in a security breach to the user, the device, the network or all of the above, if not managed by proper Security Safeguards and Architecture.

There are several strategies to enhance IoT and Mobile Application Security:

Application Whitelisting (i.e: Trusted APIs)
- Ensuring Transport Layer Security (i.e: VPN)
- Strong Authentication and Authorization and requiring Privilege Access (i.e: Two Factor Authentication and Minimum Access to only when required)
- Encryption of Data when written to memory (i.e: Encrypt data at rest with AES 256)

- Sandboxing of Applications (Safeguarding Access)
Granting Application Access on a per-API level
- Proper Session Handling