Keysight Technologies, Inc. has provided a new Internet of Things (IoT) security assessment software solution that enables manufacturers of IoT chips and devices, as well as organizations deploying IoT devices, to perform comprehensive and automated cybersecurity assessments.
A growing number of connected IoT devices allow hackers to exploit cybersecurity vulnerabilities for a range of attacks, including malware, ransomware, and data exfiltration. According to Statista, the total installed base of IoT connected devices worldwide is expected to reach 30.9 billion units by 2025, compared to 13.8 billion units expected in 2021.
“IoT device vulnerabilities are particularly dangerous because they can facilitate breaches of sensitive data and lead to physical danger, such as malfunction of industrial equipment, malfunction of medical devices, or breach of the home security system,” wrote Merritt Maxim, vice president, research director, and Elsa Pikulik, researcher, Forrester, in the State of IoT Security 2021 report. “In 2020, IoT devices were the second most common vector of an external breach and technology leaders ranked security issues among the main concerns affecting or hindering IoT deployments.”
IoT Security Vulnerabilities – BrakTooth Discovery
Recently, researchers at the Singapore University of Technology and Design (SUTD) discovered a group of vulnerabilities, which they named BrakTooth, in commercial Bluetooth chipsets that impact billions of end-user devices. The SUTD research was funded by a grant from Keysight. The results published by SUTD have been used to improve Keysight’s IoT security assessment software.
BrakTooth captures fundamental attack vectors against devices using Bluetooth Classic Basic Rate/Enhanced Data Rate (BR/EDR) and is likely to affect Bluetooth chipsets beyond those tested by the SUTD team. “It is difficult to accurately assess the extent of chipsets affected by BrakTooth,” commented Sudipta Chattopadhyay, Assistant Professor, SUTD. “We advise all manufacturers of Bluetooth products to perform appropriate risk assessments, especially if their product may include a vulnerable chipset. We thank Keysight for generously supporting our research and for having the opportunity to collaborate with the experienced Keysight security team.”
The vulnerabilities, which include 20 Common Vulnerabilities and Exposures (CVEs), as well as four pending CVE assignments, are found in Bluetooth communications chipsets used in System-on-Chip (SoC) boards. The risks they present include remote code execution, crashes, and freezes. The SUTD team responsibly disclosed the results to affected vendors, providing a means to replicate the results and time to remediate vulnerabilities.
“Research activities like SUTD’s are essential to improve cybersecurity in the connected world. If the good guys don’t improve it, cybercriminals will take advantage of vulnerabilities for nefarious purposes,” said Steve McGregory, senior director of Keysight’s security research and development team. “While an investment in research is necessary and worthwhile, software and chipset makers are responsible for delivering products that are secure through rigorous security testing.”
Keysight IoT Security Assessment Software
Keysight’s IoT security assessment software leverages over 20 years of network security testing experience to reveal security vulnerabilities on any network technology. The software offers comprehensive and automated testing to quickly cover a large matrix of known and unknown vulnerabilities. IoT security assessments include new cybersecurity attack tools and techniques for wireless interfaces such as Wi-Fi, Bluetooth, and Bluetooth Low Energy (BLE) to test for known vulnerabilities, as well as to discover new vulnerabilities.
Development organizations can easily integrate Keysight’s API-driven solution into their development pipeline with a single API for monitoring and reporting. Organizations that deploy IoT devices can take advantage of the software to validate IoT devices before they are delivered to end users and as new vulnerabilities become a concern. Ongoing research from Keysight’s Threat and Applications Research Center provides updates on the latest protocol jamming and attack techniques.