01 Oct 2021

IoT security

The key to protecting your customers - and your business.


For all the value they deliver, IoT applications exist within an extremely hostile environment in which they are constantly under attack. For them to unleash their full potential, IoT security challenges must be addressed – from day one. Our five pillars of security offer a solid foundation for robust and secure connected solutions that protect businesses and end users against IoT security risks.

What is IoT security?

IoT security refers to the set of measures taken to secure IoT devices and the networks they are connected to. With ubiquitous connectivity come new risks. Once a nice-to-have feature, IoT security has become a foundational element in today’s connected applications.

Because they are exposed to the broader internet, IoT device developers must constantly be mindful of the following principles:

  • Attacks always cause harm, including immediate costs, damage, and consequential costs.
  • Any exposed interfaces in applications can be used as attack surfaces.

Safeguarding IoT devices, protecting data, and ensuring data transmission security has become paramount to building a sustainable business against growing IoT security threats. With robust end-to-end security measures in place, business can protect their revenues and, by protecting devices and sensitive data, mitigate costs associated with operational and reputational damage.

IoT security challenges

IoT devices are continually exposed to all manner of constantly evolving IoT security threats. The most common categories include:

  • Data theft: If IoT hackers gain access to vulnerable devices, they can steal sensitive and potentially confidential data and sell it to interested parties online.
  • Device manipulation: Business-enabling IoT devices such as smart meters with firmware manipulated to modify system behavior can, for example, under-report consumption.
  • Denial-of-service (DOS) attacks: Large numbers of IoT devices can be recruited into so-called botnets to carry out coordinated attacks, for example, to shut down websites.
  • Unauthorized access: If poorly secured, connected surveillance cameras, door locks, and IoT devices featuring microphones and other sensors can be hijacked.
  • Ransomware attacks: IoT devices with security vulnerabilities can be locked to disrupt business until a ransom is paid.
  • Sensor spoofing: IoT devices can be fed false information, causing them to malfunction. Sensor spoofing can involve anything from sophisticated RF signal interference to simple cardboard cutouts to fool cameras.

The five facets of IoT security


The five facets of IoT security

The five pillars of IoT security

Integrating the u-blox five pillars of security, our solutions, products, and services will help you protect your and your customers’ business in today’s connected world.

1. Secure boot

Secure boot ensures that any firmware running on an IoT device is authentic and has not been modified. Devices featuring secure boot will only boot and run trusted software issued by the original device manufacturer.

2. Secure firmware updates (FOTA)

Fielded IoT typically require regular upgrades to add new feature and apply security patches against emerging vulnerabilities. Secure firmware updates ensures that only authenticated and validated updates can be carried out on the device.

3. Secure APIs and physical interfaces

With secure APIs and physical interfaces, debug access to devices is limited to authorized users and API use is subject to authentication. Data authenticity and integrity are protected into and out of the device.

4. Secure transport layer

Transport layer security offers standards-based cryptographic protocols for authentication and signed or encrypted communications with the server, protecting data in transit to prevent man-in-the-middle attacks in device-to-server communication.

5. Robustness against jamming and spoofing

IoT devices are vulnerable to deliberate RF interference. Advanced GNSS satellite signals, RF-signal processing, embedded software development, and data encryption make it possible to detect potential attacks on air interfaces and increase the robustness against GPS jamming and spoofing.

IoT security use cases



Because eHealth applications potentially expose patient data, device and data security and patient confidentiality are critically important.

Point of sales

Point of sales

Digital wallets and wirelessly connected payment systems are increasing the complexity of point of sales solutions, diversifying the threats they are exposed to.

Utility networks

Utility networks

The digitalization of energy distribution infrastructure and other essential utility networks has made them vulnerable to attacks by hackers and organized crime.

Security and alarm panels

Security and alarm panels

Once compromised by hackers, building security solutions can be hijacked against the people and assets they were designed to protect.

Autonomous vehicles and robots

Autonomous vehicles and robots

Tomorrow’s connected vehicles and robots will take on increasingly mission-critical tasks, making safety critical software and hardware indispensable.

Industrial asset tracking

Industrial asset tracking

GPS jamming and spoofing can undermine industrial asset tracking solutions, allowing high-value assets to be stolen, diverted, or tampered with undetected, threatening your bottom line.

Explore our portfolio of secure products

  • UBX-R5 - IoT security redefined in a 5G-ready LTE-M and NB-IoT chipset
  • UBX-M10 - Protection level, jamming mitigation, and spoofing detection make the UBX-M10 our most secure GNSS platform to date.

You might also be interested in


Out-of-the-box spoofing mitigation with Galileo’s OSNMA service