Keysight Delivers New IoT Security Assessment Test Software
Keysight Technologies, Inc. (NYSE: KEYS), a leading technology company that delivers advanced design and validation solutions to help accelerate innovation to connect and secure the world, has delivered a new Internet of Things (IoT) Security Assessment software solution that enables IoT chip and device manufacturers, as well as organizations deploying IoT devices, to perform comprehensive, automated cybersecurity assessments.
Increasing numbers of connected IoT devices enable hackers to leverage cybersecurity vulnerabilities for a range of attacks including malware, ransomware and exfiltration of data. According to Statista, the total installed base of IoT connected devices worldwide is projected to grow to 30.9 billion units by 2025 from 13.8 billion units expected in 2021.
"IoT device vulnerabilities are especially dangerous as they can facilitate sensitive data breaches and lead to physical danger, such as industrial equipment malfunction, medical device defects, or a home security system breach," wrote Merritt Maxim, vice president, research director, and Elsa Pikulik, researcher, Forrester, in the State of IoT Security Report 2021.1 "In 2020, IoT devices were the second most common vector for an external breach and technology leaders rank security issues as a top concern plaguing or hindering IoT deployments."
IoT Security Vulnerabilities – BrakTooth Discovery
Recently, researchers at Singapore University of Technology and Design (SUTD) discovered a group of vulnerabilities, they named BrakTooth, in commercial Bluetooth chipsets that impact billions of end-user devices. The SUTD research was funded with a grant from Keysight. The SUTD published results were leveraged into improvements in Keysight's IoT Security Assessment software.
BrakTooth captures fundamental attack vectors against devices using Bluetooth Classic Basic Rate/Enhanced Data Rate (BR/EDR) and is likely to affect Bluetooth chipsets beyond those tested by the SUTD team. "It is hard to accurately gauge the scope of BrakTooth affected chipsets," commented Sudipta Chattopadhyay, assistant professor, SUTD. "We advise all Bluetooth product manufacturers to conduct appropriate risk assessments, especially if their product may include a vulnerable chipset. We are thankful to Keysight for generously supporting our research and the opportunity to collaborate with the experienced Keysight security team."
The vulnerabilities, which include 20 common vulnerabilities and exposures (CVEs), as well as four awaiting CVE assignments, are found in Bluetooth communication chipsets used in System-on-Chip (SoC) boards. These pose risks that include remote code execution, crashes and deadlocks. The SUTD team responsibly disclosed the findings to the affected vendors, providing a means to reproduce the findings and time to remediate vulnerabilities.
"Research activities like these at SUTD are critical to improving cybersecurity in the connected world. If the good guys don't improve it, the cyber criminals will take advantage of vulnerabilities for nefarious purposes," said Steve McGregory, senior director of Keysight's security research and development team. "While investment into research is needed and helpful, software and chipset manufacturers are responsible for delivering secure products using rigorous security testing."
Keysight's IoT Security Assessment Software
Keysight's IoT Security Assessment software leverages more than 20 years of experience in network security testing to reveal security vulnerabilities across any network technology. The software offers comprehensive, automated testing to rapidly cover a large matrix of known and unknown vulnerabilities. IoT security assessments include novel cybersecurity attack tools and techniques for wireless interfaces such as Wi-Fi, Bluetooth, and Bluetooth Low Energy (BLE) to test known vulnerabilities, as well as to discover new vulnerabilities.
Development organizations can easily integrate Keysight's API-driven solution into their development pipeline with a single API for control and reporting. Organizations deploying IoT devices can leverage the software to validate IoT devices before they are delivered to end users and as new vulnerabilities become a concern. Ongoing research from Keysight's Application and Threat Intelligence Research Center provides updates to the latest protocol fuzzing and attack techniques.
1Forrester, The State of IoT Security, 2021, by Merritt Maxim, Elsa Pikulik with Stephanie Balaouras, Chris Sherman, Benjamin Corey, Peggy Dostie
SAP 4W-Wizard selected by UN for OCHA
SAP SE announced that the United Nations Office for the Coordination of Humanitarian Affai...
TO THE NEW brings CK Lens, an AWS Cost Management Platform
TO THE NEW (TTN) has launched their new AWS Cloud Cost Analytics platform, CK Lens on the...
Blockchain Coinvestors Unveils Most Comprehensive List of Global Blockchain Unicorns
Blockchain Coinvestors, a leading blockchain venture fund-of-funds and coinvestment progra...
Tech Data along with IBM bringing value to the channel eco-system
Recently VARINDIA has organized an event with Tech data and IBM focussing on ‘Bid sm...
OPPO to Host OPPO INNO DAY 2021, first ever virtual INNO WORLD
OPPO announced it will host the annual OPPO INNO DAY on 14-15 December 2021 in Shenzhen, C...