Our lives increasingly depend on connected devices—for our homes, workplaces, cars, subways, healthcare, and entertainment. Internet of Things (IoT) devices are becoming so ubiquitous and transparent that they fade into the background. But what happens when threat actors find vulnerabilities in those devices? With traditional IT devices, security updates can be applied on the fly. However, once IoT devices with fixed firmware are deployed, potential issues are often no longer possible to fix.
Vulnerabilities can be expensive, damaging, and outright dangerous once exploited. A hostile actor could bring traffic to a standstill in a major city. Healthcare devices are especially appealing targets for ransomware, with immediate and literal life-and-death consequences. Manufacturing lines can grind to a halt, pipelines can shut down, and power grids can fail—all with a few keystrokes. The largest botnet ever seen, Mirai, exploited over 600,000 IoT devices using only 64 fixed passwords.
Because of the difficulty in patching devices that are already deployed, it is critical to thoroughly test the security and resilience of IoT devices before deployment with the attacks and techniques that hackers use in the wild.
Keysight’s IoT Security Assessment is a comprehensive, automated security testing solution for IoT devices that helps development organizations find and fix security flaws in connected devices before deployment. It uses the latest protocol fuzzing and attack techniques and supports consumer, healthcare, automotive, and other connected devices with Wi-Fi, cellular, Ethernet, CAN bus, Bluetooth, and BLE connectivity. It also has a flexible and extensible architecture that allows easy integration of existing or third-party security testing modules.
Our solution builds on 20+ years of leadership in network security testing to reveal security exposures across any network technology. The ongoing research from our Application and Threat Intelligence (ATI) team ensures regular updates, so you have access to the latest protocol fuzzing and attack techniques.
Key Features:
– Protocol Fuzzing—finding unknown vulnerabilities by injecting errors into the bidirectional protocol stream to uncover implementation errors. A fuzzing session can often reveal flaws in embedded communication chipsets. This process is sometimes invasive/destructive and can cause crashes, hangs, reboots, etc.
– Vulnerability Assessment and Compliance Testing—scans devices against a growing list of known threats and vulnerabilities. Also, evaluates a target against specific requirements such as encryption, open ports, certificate validation, and more
– Flexible, modular, extensible architecture. The entire IoT Security Assessment package is API-driven, externally and internally, which makes it easy to plug in existing and third-party modules. So, if you have already built your own test scripts and do not want to discard them, just plug them in and keep using them—all controlled by the same API as the rest of the IoT Security Assessments.
– Our team provides monthly update releases with new modules, tools, hardware support, and features. In one recent example, we added a new module dedicated to fuzzing for Bluetooth, Wi-Fi, and IP.
Interested in diving deeper? You can access the tool page here.