News

What's AirSuite doing to keep your data and sensors secure?

---

From smart fridges to autonomous cars, smartwatches to sensors, the Internet of Things (or IoT) garners a poor reputation for security. Privacy and hacker concerns are legitimate and widespread. At the same time, connecting to the cloud delivers many opportunities when done with best practice protocols.

That’s why AirSuite works hard to keep your data and devices private, secure, up-to-date, and free from harm. We know you need confidence your AirSuite devices – and the data they transmit to the cloud – is secure now and into the future.

Read on to discover the ways we keep your devices and data safe.

---

1. Our LTE devices connect to the cloud via a private network.

All data from AirSuite’s LTE devices is sent to the cloud via an encrypted tunnel, giving your data an added layer of protection. It works similar to a VPN (Virtual Private Network) you might use to access your work network from home.

Imagine the public Internet is a roadmap of networks, while the encrypted tunnel is a secret and exclusive network – it’s a secure connection because it’s separate from the rest of the Internet.

Thanks to the secure tunnel, it’s impossible for data sent from your AirSuite sensors to the cloud to be intercepted, interfered with, eavesdropped on, or stolen in a cyberattack.

We usually recommend LTE instead of Wi-Fi, since it is secure by default. Some benefits include:

• Device connections are authenticated and encrypted automatically. You don’t need to set up anything yourself.
• Your AirSuite sensor connections are separate from your internal network/Wi-Fi, so in the unlikely event any devices on your network are compromised, your AirSuite devices cannot be affected.
• Your AirSuite sensor is not visible to the public Internet, so they cannot be accessed by anyone else.
• Network connectivity is maintained and guaranteed by our LTE network partners. Keeping the network running is their full-time job.

2. Encryption: All data on our Wi-Fi devices are encrypted with TLS 1.2.

Weak or no encryption is another common concern surrounding IoT devices.

While AirSuite LTE devices transmit data through their own private APN, Wi-Fi devices connect to your existing Wi-Fi network and transmit data through the public Internet, so they need an additional layer of security.

For this reason, anything transmitted between your AirSuite devices and the cloud is encrypted.

Your devices constantly record information about your environment which you don’t want to fall into the wrong hands.

While there’s nothing personally identifying you, we understand you might not want people to know when you’re home or not, or if your offices are occupied or empty. By encrypting your data, it’s not possible for anyone to snoop; it’s all completely safe.

Non-encrypted traffic transmitted via Wi-Fi bounces from server to server across the Internet before it gets to its destination in the cloud. This means it’s possible for anybody in that path to read that data. But encrypting this data means the risk of interception through a “man-in-the-middle” or MITM attack drops to zero.

AirSuite Wi-Fi devices use industry-standard TLS 1.2 encryption.

3. Our devices are resilient and robust in network outages.

AirSuite devices are designed to be extremely fault-tolerant. So, in most cases, even in poor network conditions, you won’t notice problems. If your device can’t connect to the Internet, the data will persist on your device for over 24 hours until it’s next able to connect. It’s then uploaded to the AirSuite Cloud as soon as network connectivity resumes.

4. Security updates are automatic and over-the-air.

IoT devices may become vulnerable to security risks over time if regular updates can’t be rolled out.

We know it’s a top priority for your devices to remain secure for their lifetime. AirSuite typically delivers feature enhancements and maintenance updates to all devices on a regular cadence, and any routine security enhancements are included in these updates. There’s no downtime, no hassle, and no manual intervention required.

Security updates are guaranteed for at least five years from the date you purchase your AirSuite sensors. This means you can be confident your devices will remain secure for their lifetime. Further, we’re committed to supporting you through your entire journey. We’re not going to rollout an update that disables network connectivity as some suppliers have unfortunately deemed appropriate.

Shopping around? Buyer beware:

Devices using the Sigfox or LoRaWAN IoT network are highly bandwidth-constrained - while this is great for battery life, there are significant restrictions on reporting granularity and frequency. This also means they’re not capable of supporting over-the-air updates. To put this in perspective, an AirSuite sensor can send data over 10,000x faster than a Sigfox device, report more often, and automatically update to the latest firmware in the field - while still delivering a multi-year battery life!

Wi-Fi devices can be updated over-the-air, but cheap devices are often not programmed to receive over-the-air updates. This means that if a security vulnerability is discovered, it cannot be fixed. The only way to fix it is to replace the device or return it for repair.

5. AirSuite sensors are secure by design.

You may have heard about how hackers can exploit security vulnerabilities using malware to create a botnet, capturing hundreds of thousands of insecure devices across the globe to form an army of Internet-connected computers. Attacks of this magnitude can impact major service providers, such as Amazon, Microsoft, Netflix, Twitter and Airbnb. This is not only scary news for the end-user, but it can also have a massive reputational impact.

Many IoT devices, such as security cameras and robot vacuum cleaners, run on a full operating system similar to your personal computer. A computer operating system contains a huge amount of functionality, and therefore there is inherently a greater risk of an attacker being able to exploit a vulnerability in the system, and the consequences are likely to be more severe - potentially gaining full remote control over the system.

By contrast, the firmware on your AirSuite devices is “bare metal”, and developed completely in-house by our team in New Zealand. This means that AirSuite sensors run software that is specifically developed to do one thing and do it well. Since there is no operating system, there is no ability to remotely access or control your AirSuite sensors, except for providing over-the-air updates and configuration.

Further, AirSuite sensors take advantage of PKI (Public Key Infrastructure) to ensure that only authorised devices can connect to the AirSuite Cloud. In essence each sensor is provisioned with multiple unique keys and identifiers. This means that even if an attacker were to gain access to your Wi-Fi network, they would not be able to connect to the AirSuite Cloud. It also means that we can identify any anomalies and sandbox specific device credentials until our security team has reviewed the event. We don’t just supply all our devices with the same passphrase and hope for the best.

6. We’ve secured the supply chain.

All AirSuite software, firmware and hardware is designed by our team in New Zealand, and we complete the final assembly, firmware programming, credential provisioning and QA in-house. This means we have complete control over the entire supply chain, and we can guarantee that no malicious code or hardware has been introduced.

7. We’re independently audited.

AirSuite had our first independent security audit from CyberCX in March 2023. Our intention is to undertake third-party penetration testing at least every two years to uncover potential blindspots or vulnerabilities and resolve them quickly.

CyberCX is one of New Zealand’s leading cybersecurity organisations, who help companies to defend against cyber threats and embrace the opportunities of cloud. They have reviewed all aspects of the AirSuite platform, including the mobile app, web portal and device connectivity.

To recap:

• We know the risks and vulnerabilities that come with operating on the Internet of Things. And we also keep up with amazing leaps in innovation. We want to give you all the good; none of the nasty.
• We follow best practices: our devices don’t run a bloated operating system. Our LTE network is separate from the rest of the Internet. Data is encrypted.
• Our cloud can identify authentic devices and data, and we can identify anomalies and suspicious activity.
• AirSuite devices are robust as they are built to withstand network outages, such as those caused by natural disasters and climate events.
• Our networks and hardware are independently audited.
• You receive regular over-the-air updates which means your security and privacy is future-proofed, not compromised over time.