IoT Security Assessment

The Problem

As the number of IoT devices continue to grow, so does their influence on our daily lives. The IoT devices helping you to go to work, get healthy, stay secure, keep entertained, and communicate with friends and family are all targets for cyber-attack.

Let us take lighting as an example the U.S. Department of Energy (DOE) has set a national goal of tripling the energy efficiency and demand flexibility of the buildings sector by 2030, relative to 2020 levels. The DOE forecasts that connected lighting systems can significantly contribute to that goal by delivering annual energy savings equivalent to the annual output of 50 power plants. However, as lighting and other systems are becoming more connected, they also become more vulnerable to potential cyber-attacks. Lighting energy savings are put at significant risk, if connected technologies are not adopted due to real or perceived cybersecurity concerns.

And these are real concerns; researchers recently demonstrated how they could compromise an entire building’s smart lighting by sending out malicious firmware updates from a drone flying by the office building.

It is not just lighting, of course. Everything from your webcam and home security to your heating and healthcare monitoring are all at risk. According to a study published in April 2023, the number of Internet of Things (IoT) attacks in the world reached over 10.54 million in December 2022.

We have seen a range of IoT device security issues recently; for example:

• ICSA-20063-01: Grants door lock access to a hacker by means of remote execution

• CVE-2021-39238: Enables remote code execution from networked office printers that can spread across an enterprise network

• CVE-2021-28372: Allows hackers to watch and listen to live feeds from webcams

• CVE-2021=33883: Allows altered doses of medication to be delivered to patients without any checks

This poses not only a risk to users, but also a risk and responsibility to manufacturers and service providers, especially as the recommendations and standards for IoT device security becomes more detailed and stringent. 

However, keeping up with these risks and complying with the various IoT device security standards, policies and guidelines can be challenging, and many organizations don’t have the time or the skills.

The Solution

In the face of this growing cyber threat and as IoT cybersecurity testing requirements intensify and compliance deadlines loom, are you ready? Are you adequately equipped to conduct comprehensive testing of IoT devices? failing to do so could result in significant costs.

Backed by decades of security testing and research, Keysight’s IoT Security Assessment is here to help you. We make it easy and cost-effective for you to improve the cybersecurity of IoT devices and comply with various IoT labeling standards, without having to hire your own team of cybersecurity experts.

We provide an IoT cybersecurity certification platform that automates validation through a point-and-click user interface (UI) or automation API. It’s a turnkey assessment tool enabling you to test your IoT devices against security, compliance, and labeling requirements.

The system tests for multiple security flaw parameters, from Bluetooth protocol vulnerabilities baked into the supply chain to weak passwords and outdated encryption and can be employed in a broad range of use cases.