Spirent circle logo

Identifying the Top Device Threats of 2022


Spirent SecurityLabs’ extensive experience in testing a range of environments combined with Spirent’s industry-leading expertise in device penetration testing, offer an overview of the top device threats of 2022 in a detailed report highlighting the potential impact of these vulnerabilities.

As the presence of IoT devices continues to rise across a range of industries, with no end in sight, so too does the myriad of attack surfaces. This means organizations face a range of security requirements for IoT devices in networks, their systems, services, firewalls, IDS, IPS solutions, and more. All must be secure. To achieve that end, the devices must be tested effectively.

IoT devices have a variety of testing requirements for security assurance which include these categories:

  • Device networks

  • Device application, API, and cloud

  • Device hardware

  • Device mobile interface

Spirent SecurityLabs device testing

Spirent’s IoT security consultants are industry-recognized experts and have attained certification from a broad range of standards bodies and industry consortiums. Spirent is a CTIA authorized test lab for IoT Cybersecurity Certification. Their customer base covers a broad field of industires and use cases. Their critical mass of findings each year provide industry leaders bellwether indicators of trends in security vulnerabilites.

The device security framework of Spirent SecurityLabs evaluates authentication and authorization, firmware update mechanisms, security of interfaces, and device penetration testing methodology to discover configuration weaknesses and uncover exploitable vulnerabilities in the following areas:

  • Obtaining unauthorized access to sensitive data

  • Making unauthorized changes to data or program

  • Bypassing authentication and authorization mechanisms

  • Elevation of privilege

  • Code injection

  • Service crashes

  • Memory leaks

  • Input validation weaknesses

  • Serialization issues

  • Man-in-the-middle (MITM) attacks

SecurityLabs findings: The top device vulnerabilities

The top device vulnerabilities found by SecurityLabs in 2022 were:

  • Unencrypted communications

  • Hardcoded cryptographic keys

  • Reprogrammable components

  • Insecure boot process

  • Weak and non-standard cryptographic algorithms

  • Weak and common credentials

  • Unencrypted storage

  • Accessible serial console

  • Outdated software

  • Insecure APIs

  • High privileged running services

To learn about potential impact of vulnerabilities on devices and more, read the 2022 Device Threat Report.

Like our content?

Subscribe to our blogs here.

Blog Newsletter Subscription

Sameer Dixit

VP, Security Consulting

Sameer is Vice President of Security Consulting at Spirent Communications, leading the Spirent SecurityLabs ethical hacking and security research team. Sameer is recognized a leader in cyber security, with 20 years’ of experience in penetration testing and security research. Sameer has contributed research for leading industry groups such as OWASP and CTIA, and regularly contributes on security-related topics to leading publications and outlets such as Security Week, Business Insider, ZDnet, SC Magazine and Security Boulevard. He has also spoken at cyber security conferences such as DefCon, CyberSecurity Chicago, BlockCon, MilCis, Arm Tech Con, SINET Innovation Summit and IoT Slam etc. on security trends related to the emerging web, mobile communications, IoT, Cloud, 5G and the automotive industry. Prior to Spirent, Sameer has worked for a number of leading security companies, including Trustwave-SpiderLabs and Cenzic Inc., where he led the incident response, penetration testing, vulnerability scanning and managed security testing services team.