Knowledge from the field: Steps to secure IoT products

At our test lab for wireless products, we hear all kinds of testing showstoppers.  This is one of them:  sometimes we meet device manufacturers who have not taken into account the need to do security testing on their products until after they are fully designed and engineered to be produced. This oversight often results in unexpected and costly delays in getting a product to market. 

From the Test Bench for IoT Security, Privacy and Safety
For example: recently we heard from a manufacturer who created an IoT device for delivery of medication to patients for clinics. When we tested the device and applications with our mature security testing methodology, we found many vulnerabilities, as shown in below blue box. If the manufacturer had checked with us in advance, we could have saved them much time in the final stages of designing this product.

Beyond security testing IoT devices for vulnerabilities, we also assess devices for compliance and privacy concerns for standards and regulations and offer certification for wireless products.

Why do we offer all these services under one roof? To help companies accelerate their time to market.

Vulnerabilities Found in Real-World IoT Product Testing
  • The device was vulnerable and allowed attackers to gain access to confidential, personally identifiable information through the onboard mobile network router.

  • The device also allowed access to pharmaceuticals within the device through multiple vulnerabilities with the physical locking mechanisms and the software for the smart locking mechanism.

How do you get best results when testing an IoT device?
For many companies, below are the items to optimize when testing an IoT device. Click here to expand; click here to download.

Optimize Steps to Secure IoT Product
Time to Market If you research security for your IoT device and design your device to operate within those specs, you can speed time to market for your product. Many a manufacturer designs an IoT product only to discover in the testing phase that fundamental design changes need to be made in order for the product to comply with regulations for privacy, safety and cybersecurity. When in doubt, test early and often.
Test for CyberSecurity IoT product manufacturers are smart to test the device relating to cybersecurity vulnerabilities of the firmware, software, communications and supporting systems to ensure security, and safety, for the device.
Test for Data Privacy Data privacy is critical for market forces to trust a new wireless product. When designing an IoT product, be sure to consider these aspects of data privacy:
  • Residency: where is it being stored?
  • Security: how is it being stored and transmitted?
  • Regulatory: what type of data is collected and to which regulations (domestic and international) is it subject?
Research market-specific regulations for your product Use cases for products vary, as do government regulations. Research the use case for your product for its targeted region to identify any regulations it must be compliant with. Ensure that your product is tested to support local use cases and regulations for privacy, safety and security.

We’re here to help you optimize and secure your wireless product, from concept through design and testing.  For more on our testing services, see our website and reach out to our team.


Want to learn more about our Cybersecurity Testing Services?

Protect Your Blind Spots

Start Now

See our case studies.

GLOBAL INSURANCE AND INVESTMENT FIRM NOW UNDERSTANDS BLIND SPOTS IN THEIR WORLD-CLASS DETECTION

Insurance & Investment Management

GLOBAL INSURANCE AND INVESTMENT FIRM NOW UNDERSTANDS BLIND SPOTS IN THEIR WORLD-CLASS DETECTION

Read The Story
LARGE LIFE INSURANCE AND FINANCIAL SERVICES COMPANY REDUCES TIME TO DETECT AND CONTAIN CYBER ATTACKS

Life Insurance & Financial Services

LARGE LIFE INSURANCE AND FINANCIAL SERVICES COMPANY REDUCES TIME TO DETECT AND CONTAIN CYBER ATTACKS

Read The Story
Back to Blog

Before you leave…
want to sign up for our newsletter?