“There are many potential points of failure in an end-to-end IoT Solution, and the world of connected products is full of examples of bad security,” said Mike Hibbett, End-to-End Security Architect at Firmwave. “Not least, several security flaws have been discovered in pacemakers, insulin pumps and other medical devices allowing hackers to turn them into fatal weapons.”
Companies who plan to launch connected products do not have sufficient internal security resources to properly design for security from sensors to the cloud. This typically involves implementing a methodology to deal with vulnerabilities, risks and threats in all parts of the solution and planning for security management post-delivery of the connected solution.
There are multiple potential points of failure in an end-to-end IoT Solution: Securing boot, Firmware updates, device configuration, mutual authentication, key management, status reporting. Failure in any one of these can mean a complete system failure.
To address these shortcomings in IoT end devices, Firmwave will offer the following security testing and validation services to customers who extend or customize with the off-the-shelf Firmwave platform. The EST framework is readily available to partners who use their own in-house or third-party platforms in their connected solutions. The Firmwave IoT EST services offering includes:
- End Node Penetration Testing
- Secure Manufacturing and Provisioning at Scale
- Device Management Penetration Testing
- Data Management Penetration Testing
- Web and Mobile Application Penetration Testing