Hand sanitiser dispensers raise IOT security concern

The task of securing IOT has extended to an unlikely device – dispensers of hand-sanitising gel.

Microsoft has revealed that Azure-connected Purell Smartlink dispensers will be upgraded to protect them from cyber-attacks.

More than 100 US healthcare facilities have deployed 25,000 of the dispensers, which dispense gel and track how often people are cleaning their hands. Sensors in the machines also detect how many people enter and leave a room. The resulting data is sent to Microsoft’s Azure cloud for analysis.

Now, the Purell Smartlink technology will be upgraded to incorporate Microsoft’s Azure Sphere – a microcontroller (MCU), operating system and cloud service designed to improve the security of Internet-connected devices.

The Azure Sphere MCU has cryptographic and secure boot features implemented in silicon and its real-time operating system has a layered architecture to improve security. Microsoft also provides mechanisms for updating security on Azure Sphere devices. Certificate-based authentication allows Azure to verify a device’s identity – there’s no way to swap in a counterfeit dispenser!

“Azure Sphere will allow us to really button up that last leg of our stack – hardware – to ensure we have the best protection against any potential security risks,” said Jason Slater, technology solutions architect for Purell Smartlink Technology, in an article on Microsoft’s web site.

Leapfrogging firewalls

Azure Sphere is just one of several ways Microsoft is tackling the daunting challenge of securing billions of connected devices.

Recently, it also announced a platform-as-a-service for securely managing devices located behind firewalls, such as sensors connected to a factory’s private network.

The platform, called Azure IOT Hub device streams, allows secure direct connection to devices without opening an inbound firewall port or using a virtual private network.

A user’s system and an IOT device authenticate with an Azure IOT Hub endpoint, which acts as a proxy for encrypted data transfers.

While the capability was not available in Australia at the time of writing, one local Microsoft partner - cloud solutions distributor rhipe – has already expressed interest in the service. The company has IOT devices connected to Microsoft IOT Hub in the US.

“It’s an important step in terms of how we can connect isolated devices to the cloud,” said Sridhar Deenadayalan, Azure Practice Head at rhipe.

“What I like most is it’s not restricted to IOT devices. Any traditional application protocol can also communicate over that device stream. That going to make it easier for a whole lot of higher level applications that involved protocols like SSH and custom protocols,” Deenadayalan said.

Rhipe and its partners have plenty of IOT security work ahead of them, because hand sanitisers are far from the only class of device adding internet of things smarts.