Keysight Delivers New IoT Security Assessment Test
Software
Offers
comprehensive and automated cybersecurity validation of IoT devices
Keysight Technologies, Inc. a leading
technology company that delivers advanced design and validation solutions to
help accelerate innovation to connect and secure the world, has delivered a
new Internet of Things (IoT) Security Assessment software solution that
enables IoT chip and device manufacturers, as well as organizations deploying
IoT devices, to perform comprehensive, automated cybersecurity
assessments.
Increasing numbers of connected IoT devices enable hackers to leverage
cybersecurity vulnerabilities for a range of attacks including malware,
ransomware and exfiltration of data. According to Statista, the total
installed base of IoT connected devices worldwide is
projected to grow to 30.9 billion units by 2025 from 13.8 billion units
expected in 2021.
"IoT device vulnerabilities are especially dangerous as they can
facilitate sensitive data breaches and lead to physical danger, such as
industrial equipment malfunction, medical device defects, or a home security
system breach," wrote Merritt Maxim, vice president, research director,
and Elsa Pikulik, researcher, Forrester, in the State of IoT Security Report
2021.1 "In 2020, IoT devices were the second most common
vector for an external breach and technology leaders rank security issues as a
top concern plaguing or hindering IoT deployments."
IoT Security Vulnerabilities – BrakTooth Discovery
Recently, researchers at Singapore University of Technology and Design
(SUTD) discovered a group of vulnerabilities, they named BrakTooth, in
commercial Bluetooth chipsets that impact billions of end-user devices.
The SUTD research was funded with a grant from Keysight. The SUTD published results
were leveraged into improvements in Keysight's IoT Security Assessment
software.
BrakTooth captures fundamental attack vectors against devices using
Bluetooth Classic Basic Rate/Enhanced Data Rate (BR/EDR) and is likely to
affect Bluetooth chipsets beyond those tested by the SUTD team. "It is
hard to accurately gauge the scope of BrakTooth affected chipsets,"
commented Sudipta Chattopadhyay, assistant professor, SUTD. "We advise all
Bluetooth product manufacturers to conduct appropriate risk assessments,
especially if their product may include a vulnerable chipset. We are thankful
to Keysight for generously supporting our research and the opportunity to
collaborate with the experienced Keysight security team."
The vulnerabilities, which include 20 common vulnerabilities and
exposures (CVEs), as well as four awaiting CVE assignments, are found in
Bluetooth communication chipsets used in System-on-Chip (SoC) boards. These
pose risks that include remote code execution, crashes and deadlocks. The SUTD
team responsibly disclosed the findings to the affected vendors, providing a
means to reproduce the findings and time to remediate vulnerabilities.
"Research activities like these at SUTD are critical to improving
cybersecurity in the connected world. If the good guys don't improve it, the
cyber criminals will take advantage of vulnerabilities for nefarious
purposes," said Steve McGregory, senior director of Keysight's security
research and development team. "While investment into research is needed
and helpful, software and chipset manufacturers are responsible for delivering
secure products using rigorous security testing."
Keysight's IoT Security Assessment
Software
Keysight's IoT Security Assessment software leverages more than 20 years
of experience in network security testing to reveal security vulnerabilities
across any network technology. The software offers comprehensive, automated
testing to rapidly cover a large matrix of known and unknown vulnerabilities.
IoT security assessments include novel cybersecurity attack tools and
techniques for wireless interfaces such as Wi-Fi, Bluetooth, and Bluetooth Low
Energy (BLE) to test known vulnerabilities, as well as to discover new
vulnerabilities.
Development organizations can easily integrate Keysight's API-driven
solution into their development pipeline with a single API for control and
reporting. Organizations deploying IoT devices can leverage the software to
validate IoT devices before they are delivered to end users and as new
vulnerabilities become a concern. Ongoing research from Keysight's
Application and Threat Intelligence Research Center provides
updates to the latest protocol fuzzing and attack techniques.
Source: Keysight Technologies media announcement