Keysight Delivers New IoT Security Assessment Test Software
October 14, 2021 | Business WireEstimated reading time: 3 minutes
Keysight Technologies, Inc., a leading technology company that delivers advanced design and validation solutions to help accelerate innovation to connect and secure the world, has delivered a new Internet of Things (IoT) Security Assessment software solution that enables IoT chip and device manufacturers, as well as organizations deploying IoT devices, to perform comprehensive, automated cybersecurity assessments.
Increasing numbers of connected IoT devices enable hackers to leverage cybersecurity vulnerabilities for a range of attacks including malware, ransomware and exfiltration of data. According to Statista, the total installed base of IoT connected devices worldwide is projected to grow to 30.9 billion units by 2025 from 13.8 billion units expected in 2021.
“IoT device vulnerabilities are especially dangerous as they can facilitate sensitive data breaches and lead to physical danger, such as industrial equipment malfunction, medical device defects, or a home security system breach,” wrote Merritt Maxim, vice president, research director, and Elsa Pikulik, researcher, Forrester, in the State of IoT Security Report 2021.1 “In 2020, IoT devices were the second most common vector for an external breach and technology leaders rank security issues as a top concern plaguing or hindering IoT deployments.”
IoT Security Vulnerabilities – BrakTooth Discovery
Recently, researchers at Singapore University of Technology and Design (SUTD) discovered a group of vulnerabilities, they named BrakTooth, in commercial Bluetooth chipsets that impact billions of end-user devices. The SUTD research was funded with a grant from Keysight. The SUTD published results were leveraged into improvements in Keysight’s IoT Security Assessment software.
BrakTooth captures fundamental attack vectors against devices using Bluetooth Classic Basic Rate/Enhanced Data Rate (BR/EDR) and is likely to affect Bluetooth chipsets beyond those tested by the SUTD team. "It is hard to accurately gauge the scope of BrakTooth affected chipsets,” commented Sudipta Chattopadhyay, assistant professor, SUTD. “We advise all Bluetooth product manufacturers to conduct appropriate risk assessments, especially if their product may include a vulnerable chipset. We are thankful to Keysight for generously supporting our research and the opportunity to collaborate with the experienced Keysight security team.”
The vulnerabilities, which include 20 common vulnerabilities and exposures (CVEs), as well as four awaiting CVE assignments, are found in Bluetooth communication chipsets used in System-on-Chip (SoC) boards. These pose risks that include remote code execution, crashes and deadlocks. The SUTD team responsibly disclosed the findings to the affected vendors, providing a means to reproduce the findings and time to remediate vulnerabilities.
“Research activities like these at SUTD are critical to improving cybersecurity in the connected world. If the good guys don’t improve it, the cyber criminals will take advantage of vulnerabilities for nefarious purposes,” said Steve McGregory, senior director of Keysight’s security research and development team. “While investment into research is needed and helpful, software and chipset manufacturers are responsible for delivering secure products using rigorous security testing.”
Keysight’s IoT Security Assessment Software
Keysight’s IoT Security Assessment software leverages more than 20 years of experience in network security testing to reveal security vulnerabilities across any network technology. The software offers comprehensive, automated testing to rapidly cover a large matrix of known and unknown vulnerabilities. IoT security assessments include novel cybersecurity attack tools and techniques for wireless interfaces such as Wi-Fi, Bluetooth, and Bluetooth Low Energy (BLE) to test known vulnerabilities, as well as to discover new vulnerabilities.
Development organizations can easily integrate Keysight’s API-driven solution into their development pipeline with a single API for control and reporting. Organizations deploying IoT devices can leverage the software to validate IoT devices before they are delivered to end users and as new vulnerabilities become a concern. Ongoing research from Keysight’s Application and Threat Intelligence Research Center provides updates to the latest protocol fuzzing and attack techniques.
Suggested Items
Quectel Introduces Versatile BG95-S5 NTN Satellite Communication Module
04/09/2024 | BUSINESS WIREEmbedded World - Quectel Wireless Solutions, a global IoT solutions provider, today announces the launch of the Quectel BG95-S5 3GPP non-terrestrial network (NTN) satellite communication module. The module supports 3GPP Release 17 IoT-NTN in the S and L band frequencies for satellite communications. In addition, the multi-mode BG95-S5 supports LTE Cat M1, Cat NB2, eGPRS and integrated GNSS.
Synaptics Astra AI-Native IoT Platform Launches with SL-Series Embedded Processors and Machina Foundation Series Development Kit
04/08/2024 | SynapticsSynaptics® Incorporated launched the Synaptics Astra platform with the SL-Series of embedded AI-native Internet of Things (IoT) processors and the Astra MachinaTM Foundation Series development kit.
Klika Tech Announces Strategic Partnership with Espressif Systems to Revolutionize IOT and Smart Home Technology
04/02/2024 | PRNewswireKlika Tech, a global technology solutions and consulting leader delivering innovative Cloud and Smart City solutions, is proud to announce a new strategic partnership with Espressif Systems, a renowned provider of IoT technology and innovative platform solutions.
Ambiq Apollo510 Delivers 30x Power Efficiency Improvement to Unleash Endpoint AI
03/27/2024 | AmbiqAmbiq, a technology leader in exceptionally energy-efficient semiconductors for IoT devices, is introducing the new Apollo510, the first member of the Apollo5 SoC family, which is uniquely positioned to kickstart the age of truly ubiquitous, practical, and meaningful AI.
Global Beam Telecom Joins Viasat’s ELEVATE Program to Provide Remote Connectivity and Industrial IoT
03/26/2024 | InmarsatViasat, Inc., a global leader in satellite communications, announced Global Beam Telecom, a global satcom solutions provider, has joined its ELEVATE program.