Panasonic has laid out plans to improve IoT defences with information gathered through attacks on their own devices. The company will create ‘honeypot’ devices to bait bad actors to attack from which they’ll collect the attack data from.
Speaking at Black Hat security conference security conference last month in Las Vegas, the announcement came as the tech giant laid out the company’s strategy for improving IoT defences. Based on a five-year project, the strategy will gather and analyse data on how the company’s own products are attacked.
The manufacturer is hoping that by implementing these IoT honeypots – ranging from home appliances and other internet-connected electronics – will give them the knowledge to catch real-world threats and even patch vulnerabilities in-house.
The information gathered can reveal things like openings that need patching, or the current strains of malware and analyse them so that devices are programmed with effective defences.
This comes amid a surge in global attacks on IoT devices, which as of 2023, have seen a 41% increase in the average number of weekly attacks per organisation targeting IoT devices, compared to 2022.
Other organisations, like the UK’s National Grid, which also uses IoT to balance energy demand and supply, is also planning to utilise ‘honeypots’ to counter the surge in cyber-attacks it is experiencing.
Panasonic efforts to track threats and develop countermeasures are dubbed Astira. Insights from Astira feed into the IoT security solution known as Threat Resilience and Immunity Module, or Threim, which works to detect and block malware on Panasonic devices. Data reported from Panasonic products running ARM processors had a malware detection rate of about 86% for 1,800 malware samples from the ASTIRA honeypots.
Such IoT threat intelligence work is rare from an established manufacturer, but it comes as many major countries around the world are beginning to implement IoT-specific legislation. Panasonic says it would like to share its findings and collaborate with other companies so the industry can start to compile a broader view of the latest threats across products.
Much anti-malware functions are built in from manufacturing, lightweight, and don’t affect the capability of the device itself. Yet, patches through firmware come through updates, a capability Panasonic believe is often lacking in the industry as a whole; although, the company concedes firmware updates aren’t always a feasible solution to dealing with IoT security issues.
This is because Panasonic believe end users don’t have adequate education about the need to install updates on their embedded devices, and not all updates can be delivered automatically without user involvement. Panasonics therefore intends to meld patches with built-in malware detection and defence.
Panasonic claimed this strategy was due to their belief that manufacturers have a part to play in security strategy for products rather than relying on third-party security solutions to defend IoT.
The US recently announced a Cyber Trust Mark that will reward manufacturers meeting security requirements on their IoT devices with a label of quality.