As the presence of IoT devices continues to rise across a range of industries, with no end in sight, so too does the myriad of attack surfaces. This means organizations face a range of security requirements for IoT devices in networks, their systems, services, firewalls, IDS, IPS solutions, and more. All must be secure. To achieve that end, the devices must be tested effectively.
IoT devices have a variety of testing requirements for security assurance which include these categories:
Device networks
Device application, API, and cloud
Device hardware
Device mobile interface
Spirent SecurityLabs device testing
Spirent’s IoT security consultants are industry-recognized experts and have attained certification from a broad range of standards bodies and industry consortiums. Spirent is a CTIA authorized test lab for IoT Cybersecurity Certification. Their customer base covers a broad field of industires and use cases. Their critical mass of findings each year provide industry leaders bellwether indicators of trends in security vulnerabilites.
The device security framework of Spirent SecurityLabs evaluates authentication and authorization, firmware update mechanisms, security of interfaces, and device penetration testing methodology to discover configuration weaknesses and uncover exploitable vulnerabilities in the following areas:
Obtaining unauthorized access to sensitive data
Making unauthorized changes to data or program
Bypassing authentication and authorization mechanisms
Elevation of privilege
Code injection
Service crashes
Memory leaks
Input validation weaknesses
Serialization issues
Man-in-the-middle (MITM) attacks
SecurityLabs findings: The top device vulnerabilities
The top device vulnerabilities found by SecurityLabs in 2022 were:
Unencrypted communications
Hardcoded cryptographic keys
Reprogrammable components
Insecure boot process
Weak and non-standard cryptographic algorithms
Weak and common credentials
Unencrypted storage
Accessible serial console
Outdated software
Insecure APIs
High privileged running services
To learn about potential impact of vulnerabilities on devices and more, read the 2022 Device Threat Report.