Internet of Things or Internet of Threats?
The Internet of Things is rapidly changing our world, with billions of interconnected smart devices assisting us with transportation, healthcare, security, and communications. Most of these devices won't sit behind security gateways, which means every endpoint must be secure. But how do you validate endpoint security without exhaustive, comprehensive testing?
That's where Keysight's IoT Security Assessment comes in. You can attack virtually any IoT device – from smartwatches to headphones to connected cars to medical implants. We validate security up and down the stack, from low-layer protocol fuzzing up to application-layer attacks. Simply plug in your choice of network transports.
Make Our Team Your Team
Keysight is the acknowledged gold standard for device security testing and has been doing cybersecurity research for nearly two decades. Our IoT Security Assessment is built for any device and any attack. Keysight’s IoT Security Assessment can be driven by UI or a comprehensive REST API for easy integration into a CI/CD pipeline, and its modular design enables snap-in integration for additional capabilities from Keysight, a 3rd party, or even in-house code.
With a few mouse clicks or API calls, Keysight’s decades of security testing expertise can find the hidden vulnerabilities in virtually any connected device, using real-world attack techniques and methods.
Stop the Known and the Unkown
The Mirai botnet exploited weak password security in IoT devices and infected up to 2.5 million devices, which in turn launched the largest DDoS attacks in Internet history and caused massive outages. Those weaknesses could have been easily found and fixed with Keysight’s IoT Security Assessment.
Keysight's IoT Security Assessment attacks connected devices to find both known and unknown attacks. Upper-layer attacks such as brute-force password discovery and weak encryption discovery handle common and cataloged vulnerabilities, and intensive protocol fuzzing discovers hard-to-find weaknesses in networking implementations. This lets you simultaneously discover and address vulnerabilities in your RF and link-layer protocols that might be hiding in your communication chipset as well as higher-level weaknesses such as those described in the OWASP Top 10.
Take on OWASP Top 10
OWASP has compiled a list of the top 10 vulnerability types common to IoT devices, and Keysight’s IoT Security Assessment solves 9 of those – everything but physical hardening. So while you’ll have to lock the door yourself, Keysight’s IoT Security Assessment will assess:
- Use of Insecure or outdated components
- Insufficient privacy protection
- Insecure data transfer and storage
- Lack of device management
- Secure default settings
- Weak, easy to guess, or hardcoded passwords
- Insecure network services
- Insecure ecosystem interfaces
- Lack of secure update mechanisms
Keysight’s IoT Security Assessment has already been used to find many CVEs, all of which have been responsibly disclosed and published. Contact Keysight to find out how you can find and fix vulnerabilities such as these before you send IoT devices out in the wild where they are much more expensive, or impossible, to fix.
Internet of Things (IoT)
Application Notes 2021.10.06
Testing the 5 C’s + 1 of IoT