Knowledge from the field: Steps to secure IoT products
Posted on 8 May 2019 by Jon Lucero
At our test lab for wireless products, we hear all kinds of testing showstoppers. This is one of them: sometimes we meet device manufacturers who have not taken into account the need to do security testing on their products until after they are fully designed and engineered to be produced. This oversight often results in unexpected and costly delays in getting a product to market.
From the Test Bench for IoT Security, Privacy and Safety
For example: recently we heard from a manufacturer who created an IoT device for delivery of medication to patients for clinics. When we tested the device and applications with our mature security testing methodology, we found many vulnerabilities, as shown in below blue box. If the manufacturer had checked with us in advance, we could have saved them much time in the final stages of designing this product.
Beyond security testing IoT devices for vulnerabilities, we also assess devices for compliance and privacy concerns for standards and regulations and offer certification for wireless products.
Why do we offer all these services under one roof? To help companies accelerate their time to market.
- The device was vulnerable and allowed attackers to gain access to confidential, personally identifiable information through the onboard mobile network router.
- The device also allowed access to pharmaceuticals within the device through multiple vulnerabilities with the physical locking mechanisms and the software for the smart locking mechanism.
|Optimize||Steps to Secure IoT Product|
|Time to Market||If you research security for your IoT device and design your device to operate within those specs, you can speed time to market for your product. Many a manufacturer designs an IoT product only to discover in the testing phase that fundamental design changes need to be made in order for the product to comply with regulations for privacy, safety and cybersecurity. When in doubt, test early and often.|
|Test for CyberSecurity||IoT product manufacturers are smart to test the device relating to cybersecurity vulnerabilities of the firmware, software, communications and supporting systems to ensure security, and safety, for the device.|
|Test for Data Privacy||Data privacy is critical for market forces to trust a new wireless product. When designing an IoT product, be sure to consider these aspects of data privacy:
|Research market-specific regulations for your product||Use cases for products vary, as do government regulations. Research the use case for your product for its targeted region to identify any regulations it must be compliant with. Ensure that your product is tested to support local use cases and regulations for privacy, safety and security.|