As the presence of IoT devices continues to rise across a range of industries, with no end in sight, so too does the myriad of attack surfaces. This means organizations face a range of security requirements for IoT devices in networks, their systems, services, firewalls, IDS, IPS solutions, and more. All must be secure. To achieve that end, the devices must be tested effectively.
IoT devices have a variety of testing requirements for security assurance which include these categories:
Device application, API, and cloud
Device mobile interface
Spirent SecurityLabs device testing
Spirent’s IoT security consultants are industry-recognized experts and have attained certification from a broad range of standards bodies and industry consortiums. Spirent is a CTIA authorized test lab for IoT Cybersecurity Certification. Their customer base covers a broad field of industires and use cases. Their critical mass of findings each year provide industry leaders bellwether indicators of trends in security vulnerabilites.
The device security framework of Spirent SecurityLabs evaluates authentication and authorization, firmware update mechanisms, security of interfaces, and device penetration testing methodology to discover configuration weaknesses and uncover exploitable vulnerabilities in the following areas:
Obtaining unauthorized access to sensitive data
Making unauthorized changes to data or program
Bypassing authentication and authorization mechanisms
Elevation of privilege
Input validation weaknesses
Man-in-the-middle (MITM) attacks
SecurityLabs findings: The top device vulnerabilities
The top device vulnerabilities found by SecurityLabs in 2022 were:
Hardcoded cryptographic keys
Insecure boot process
Weak and non-standard cryptographic algorithms
Weak and common credentials
Accessible serial console
High privileged running services
To learn about potential impact of vulnerabilities on devices and more, read the 2022 Device Threat Report.