Offers comprehensive and automated cybersecurity validation of IoT devices against malicious hacking and data breaches
According to a report by Statista, installed Internet of Things (IoT) connected devices worldwide is projected to grow to 30.9 billion units by 2025 from 13.8 billion units expected in 2021. Although this is welcoming news, malicious hackers can leverage cybersecurity vulnerabilities for a range of attacks including malware, ransomware and data exfiltration.
“IoT device vulnerabilities are especially dangerous as they can facilitate sensitive data breaches and lead to physical danger, such as industrial equipment malfunction, medical device defects, or a home security system breach,” wrote Merritt Maxim, vice president, research director, and Elsa Pikulik, researcher, Forrester, in the State of IoT Security Report 2021. “In 2020, IoT devices were the second most common vector for an external breach and technology leaders rank security issues as a top concern plaguing or hindering IoT deployments.”
To alleviate such concerns and help IoT chip and device manufacturers, as well as organisations deploying IoT devices, to perform comprehensive and automated cybersecurity assessments, Keysight Technology presents the new IoT Security Assessment software solution.
IoT Security Vulnerabilities – BrakTooth Discovery
In a recent discovery, researchers at the Singapore University of Technology and Design (SUTD) have found a group of vulnerabilities, which they have named as BrakTooth. It impacts billions of end-user devices with Bluetooth chipsets by capturing fundamental attack vectors against devices using Bluetooth Classic Basic Rate/Enhanced Data Rate (BR/EDR).
The vulnerabilities, which include 20 common vulnerabilities and exposures (CVEs), as well as four awaiting CVE assignments, are found in Bluetooth communication chipsets used in System-on-Chip (SoC) boards. These pose risks that include remote code execution, crashes and deadlocks.
“It is hard to accurately gauge the scope of BrakTooth affected chipsets,” commented Sudipta Chattopadhyay, assistant professor, SUTD. “We advise all Bluetooth product manufacturers to conduct appropriate risk assessments, especially if their product may include a vulnerable chipset.”
Keysight’s IoT Security Assessment Software
With several years of experience in network security testing for revealing security vulnerabilities across any network technology, the IoT Security Assessment software offers comprehensive, automated testing to rapidly cover a large matrix of known and unknown vulnerabilities. IoT security assessments include novel cybersecurity attack tools and techniques for wireless interfaces such as Wi-Fi, Bluetooth and Bluetooth Low Energy (BLE) to test known vulnerabilities, as well as to discover new vulnerabilities.
Development organisations can easily integrate Keysight’s API-driven solution into their development pipeline with a single API for control and reporting. Organisations deploying IoT devices can leverage the software for validating IoT devices and check for any new vulnerabilities before delivery to end-users.