It is projected that there will be more than 30 billion IoT devices in 2025. These Internet-connected devices will provide a broad range of new experiences, but weak security could make each a potential source of attacks.
The Mirai botnet, Stuxnet, the Ukraine power grid attack and recent infrastructure attacks are small, targeted examples compared to potential future attacks. Rogue actors or well-funded state actors could easily launch much broader-scale, less focused attacks on critical infrastructure using IoT devices with weak security. The impact would be catastrophic. These devices should have been secured long ago, and now FDO provides a standard approach to begin.
FIDO Device Onboarding (FDO) is a new-generation secure IoT protocol, designed to solve two key components of IoT security: supply chain security and passwords. FDO was developed by the FIDO Alliance on the same guiding principles used for FIDO Authentication: convenience, security and privacy. See the FIDO Alliance whitepaper for more background or the FDO proposed standard.
As a starting point, we are hosting FDO services for developers to experiment with. We have more announcements in the next several months, so check back frequently.
Today, to set up an IoT device, the owner needs to either enter credentials in the factory, even if the device is weeks or months away from being on the shelves, or make users go through a tedious, insecure enrollment process. In these scenarios it is extremely hard to maintain the security of the supply chain, as malicious devices may pretend to be genuine IoT devices. Additionally, issues with user experience lead to weak passwords, unchanged default passwords, and password reuse by both manufacturers and end users.
The LoginID FDO Client SDK on GitHub can be used as a starting point for testing. To access the FDO services, add these rendezvous services to your device configuration:
```
```
Currently only demorv.loginid.io is available while we are testing our solution, but in the future rv.loginid.io and fdo.cloud will point to a stable production server. We advise all participating manufacturers to include all of the RV endpoints to maintain long-term device compatibility.