The speed with which IoT has been accepted as the go-to technology by the world is surprisingly fast and this acceptance is only seen spreading to all verticals and organizations of all sizes. Today all the devices being used in our lives are either connected to or through IoT. While this has eased our experience with technology and provided more comfort, the door to this vortex has an opening on the other end too. This means, that how easily we can utilize IoT via various tools of technology be it devices or applications, solution platforms, and more, the same tools and our data connected with them are vulnerable to threats from the other side too. As per research conducted by Symantec, per month, on average IoT devices experience 5,200 attacks. 5G which is considered to be a boost to IoT has now started functioning in a few metropolitan cities in India and enterprises too can now get 5G separately to run their businesses. This, while it may seem to help enhance the use and benefits of technology to upgrade their current standards, the chances of us via our endpoint devices becoming vulnerable to cyber threats is the downside.
“The Mirai-distributed DDoS worm was the third most common IoT threat in 2018. This could have been stopped if a comprehensive testing practice would have been in place. As such attacks have only increased, it becomes very important to safeguard our endpoints connected through IoT devices for which the organizations utilizing IoT should adhere to get their devices tested through comprehensive testing. Keysight’s IoT Security Assessment has just the right team and the right tools to test devices that can be and are vulnerable to external threats due to their association with IoT,” said Gaurav Ranade, CTO at RAH Infotech.
Keysight is the acknowledged gold standard for device security testing and has been doing cybersecurity research for nearly two decades. One can attack virtually any device – from smartwatches to headphones and connected cars to medical implants. Keysight’s IoT Security Assessment is built to tackle any attack on any device. Here, Keysight’s team validates the security up and down the stack, from low-layer protocol fuzzing up to application-layer attacks. It can be driven by UI or a comprehensive REST API for easy integration into a CI/CD pipeline and its modular design enables snap-in integration for additional capabilities from – Keysight, a 3rd party or even in-house code. With a few mouse clicks or API calls, Keysight’s decades of security testing expertise can find the hidden vulnerabilities in virtually any connected device, using real-world attack techniques and methods.
The Open Web Application Security Project (OWASP) has compiled a list of the top 10 vulnerabilities common to IoT devices and Keysight’s IoT Security Assessment solves 9 of those – everything but physical hardening. So, while the users have to lock the door themselves, Keysight’s IoT Security Assessment will assess:
- Use of Insecure or outdated components
- Insufficient privacy protection
- Insecure data transfer and storage
- Lack of device management
- Secure default settings
- Weak, easy-to-guess, or hardcoded passwords
- Insecure network services
- Insecure ecosystem interfaces
- Lack of secure update mechanisms
Keysight’s IoT Security Assessment attacks connected devices to find both known and unknown attacks. Upper-layer attacks such as brute-force password discovery and weak encryption discovery handle common and cataloged vulnerabilities, and intensive protocol fuzzing discovers hard-to-find weaknesses in networking implementations. This lets one simultaneously discover and address vulnerabilities in the RF and link-layer protocols that might be hiding in the communication chipset as well as higher-level weaknesses.
Authored by: Gaurav Ranade, CTO, RAH Infotech