(Image Credit: iStockPhoto/iStockFinland)
Earlier this month, a sister publication reported that security often takes a back seat in the rush to connect devices to the internet. That story referred to another incident in which a connected Corvette was compromised, following a widely publicized Jeep hack in July. These events underscore an uncomfortable truth: as more everyday devices gain online capabilities, security must become a top priority.
Many connected devices gather personal information and automate routine tasks, so insufficient security can have serious consequences. Until recently, the Internet of Things (IoT) community has not always given security the attention it needs. Responding to that gap, Symantec has announced a new initiative aimed at protecting embedded systems across consumer and enterprise environments.
Introduced this week, Symantec’s Embedded Critical System Protection is designed to defend devices that run critical functions, whether in the home or within industrial settings. “As IoT innovation and adoption continues to grow, so has the opportunity for new cyber security risks. This is the next frontier. In the automotive industry, hackers can literally steer the car and hit the brakes from their keyboards,” said Shankar Somasundaram, Senior Director of Internet of Things Security at Symantec.
Many devices performing essential roles are now connected to the internet for the first time—smart locks, smoke detectors, and remote cameras, for example. The resulting era offers vast benefits but also creates new attack surfaces that attract malicious actors.
Research firm Gartner predicts roughly 25 billion connected devices will be in use by 2020, a scale that presents a major challenge for manufacturers and security providers alike as cyberattacks increase across sectors. To meet this challenge, Symantec is rolling out device certificates for IoT security in collaboration with leading chip makers and cryptographic library partners, including Texas Instruments and wolfSSL. These certificates are intended to be embedded at the hardware level to enable safe encryption and reliable authentication of device communications.
“Providing secure, simple and seamless authentication requires embedding certificates in IoT products. To help customers secure cloud communications, TI currently embeds Symantec’s root certificate in multiple IoT devices to digitally sign and authenticate Internet communication and firmware updates,” said Gil Reiter, Director of IoT at Texas Instruments.
On the device side, Symantec’s new code-signing certificates help ensure that only authorized code runs on connected hardware. Their cloud-based signing service supports several code formats relevant to IoT development, simplifying secure firmware distribution and verification.
“The IoT market is craving a comprehensive security solution. As the industry leaders for IoT trust infrastructure, wolfSSL Inc. and Symantec address market needs through their combined solution to help developers secure against the three most fundamental security challenges in the IoT: Man-in-the-Middle attack, secure firmware updates, and encrypting data on the device,” said Larry Stefonic, Founder and CEO of wolfSSL.
By integrating hardware-level certificates and code-signing capabilities, these initiatives aim to reduce the risk of remote interference, unauthorized firmware modification, and intercepted communications. Embedding strong cryptographic protections at the silicon level and pairing them with cloud services for certificate and signing management creates multiple layers of defense that are harder for attackers to bypass.
Implementing these protections poses technical and logistical challenges for device makers, including certificate provisioning, lifecycle management, and secure update mechanisms. Nevertheless, as the number and diversity of connected devices grow, adopting robust authentication and encryption practices will become essential—not optional—to maintain user trust and safety.
Do you think Symantec’s approach is a meaningful step toward stronger IoT security? Share your thoughts in the comments.