The recent news of security breaches by hackers and ransomware attacks has brought the issue of reader security to the forefront for many of our customers. Read below to find out how SensThys readers are well-positioned to protect your company from these increasing threats.
In general, hackers are looking for easy targets, i.e., devices with no security features to prevent unwanted entry into your IT system. RFID readers have not had to deal with this threat previously, so no attention was given to designing readers that discouraged, much less prevented security attacks. Most readers are easily hacked, becoming entry points into IT systems.
This is not the case with SensThys readers.
Below is an edited version of an expanded discussion that Jo Major, our CEO here at SensThys, had with some company members explaining the unique features of the Enterprise reader that make it pretty much hack-proof. You can view the full video by following the link below.
Edited Transcript of August 18, 2021, Conversation with Jo Major regarding SensThys Security Features
When we started our products, the notion was that our readers would have fairly light computational abilities, but they would be a networked appliance. We could plug other things into our readers and that led to some choices. Many of our products have a microchip PIC processor in them. They also have an integrated five port integrated switch. So, if you look at the Enterprise, as an example, it’s got one POE in port, where it receives power; and then it has three ports, where we can take data and power back out of that reader. The intrepid reader would say it’s a five -port switch, but you have only talked about four ports. Actually, the fifth port goes to our PIC processor. It’s an IEEEE 803.23 bt switch. These design choices turn out to have additional significant benefits.
Security Features Improved:
We have had a couple of customers come to us, unrelated to the architecture of our readers, and want to make our readers more secure. Some of that work led to EPIC, where we built an integrated error correction platform inside of the reader. Some of that work also led to some architecture around these readers that works well with security. Specifically, we now can configure with our RFID console; more importantly, we have a full RESTful API integration that allows you with the security features of RESTful to remotely talk to and configure these machines. In parallel with that, we now have Transport Layer Security, TLS 1.2 in place and will be migrating to 1.3 in the near future.
We work with customers that work with three-letter agencies of the government, the military, and in Pharma, and in working with these customers we are developing an interesting suite of capabilities. For example, we can now white-list, gray-list, and black -list IP addresses. So, for example, as you are setting up your machine, if you want it to spit out data somewhere, the IP address to where the data is sent is white-listed. It will send to and receive information from that particular IP address. We can also gray list and black-list. Gray list simply means if is not a white-listed IP address, when that address pokes in, we can offer an authentication of that particular IP address. So, someone comes in from a new computer, it will go through a series of challenges to verify that you should provide them access. Black-list is obviously what you would expect. If a know bad actor comes in or someone tries to come in through the gray list, and they provide the wrong credentials, then that IP address becomes black-listed, and we go dark to that IP address.
What’s interesting is that a lot of this is made possible because of where we started. Remember we started with a PIC processor and a switch, and we wanted to keep the load on the processor low. So, everything that we running is free of an operating system. This brings us to the next interesting customer interaction.
Recently a major gas pipeline on the East Coast was taken offline by some hackers breaking into some IOT devices. It was super easy and super embarrassing for everybody. All these IOT devices just allow people to come screaming in. So, people are starting to think about it more.
Penetration Testing:
Last week we had the interesting dialogue with one of our customers. Our IP 67 reader does have an operating system and does have an ARM processor in it making it easier to break into. This customer ran it through a security screen. This penetration testing is where companies build tools and you let the tool go crazy on your device to see how easy it is to hack. We did pretty well.
Our customer offered to look at our readers that have a PIC processor. The interesting thing there was that, of course, there were NO open security issue with that device. That device doesn’t have a lot of our newest security features. What our customers tested was a SensArry Pro, which is a device that we have recently obsoleted and replaced. The newer devices that supersede it have more and more and more security features in them. And that is not even what they tested. They just tested a run of the mill SensArray reader from us. They couldn’t get into it. It doesn’t have an operating system; doesn’t talk the same languages. You are interfacing with a switch instead of the processor. So, that is exciting.
From the inside of a LAN, we can receive the data from several devices or a lot of devices and pump it out through that unified port on a SensArray reader. So, in effect, we can protect and isolate behind this switch that can white-list and black-list and behind a processor that has no operating system. So, it just looks opaque to a hacker. We can isolate a whole series of products that stand behind our reader.
Company Liability:
One of the things that is happening in the board room of major corporations is that shareholders are treating security and anti-hacking security as something that companies are responsible for. If there are major hacks or leaks that cost the companies money, shareholders are beginning to become activists and actually sue companies for bad security functionality.
Pushing down the path of making these readers really secure allows customers to put hand over heart and say “Yeah, if you want to pump data out to the Cloud, these are great devices to do that.”
Ready to find out more?
Drop us a line today for a free quote!