Modern Internet of Things (IoT) devices are connected to operate with other devices, web portals and one another in order to share real-time data. For teams building, or looking to integrate new IoT devices into their organization, this business decision represents an increase to your overall attack surface, and therefore presents new challenges for the security of your systems and your data. If this is an area of concern for you, rest assured, we have developed security and testing best practices specifically for the Internet of Things.
Start with the Basics
Industry standards and regulations help establish strong baselines for secure device design and implementation. However, such standards are not prescriptive and do not take into consideration the entire attack surface of a device and its supporting services. Furthermore, even the most thorough and established industry standards will fail to account for 100% of attack methods, especially in consideration of new and emerging technology. So it is important to follow the standards but never stop there.
Additionally, make sure you have the right team and right processes. New risks can be inserted during the development process for the device through incomplete implementation of security features, or because developers don’t understand all possible attacks.
Use Threat Modeling to Build a Bigger Picture
IoT devices don’t operate in isolation; they’re connected to a range of network and application assets. As such, the risk to the data gathered and managed by the devices extends far beyond the device itself. A compromise of the organizations’ infrastructure can propagate to the IoT device command and control, allowing device security to be undermined in attacks that may not directly touch the device at all.
An architectural threat model can be used to evaluate threats and possible attacks across an entire solution that spans multiple products and services. A proper threat model will evaluate a solution from three perspectives:
• Data Flow – Map the system flow topology into a data-flow describing the relationships between all system components to help your team identify threats across the entire system architecture, identify the whole system’s attack surface and evaluate the impact and risk of each threat.
• Functional Security Requirements and Solutions – Evaluate the suitability and risk of the functional security solutions for authentication, access control, validation, transport layer security, etc.
• Abuse Cases – Evaluate the system’s resilience to targeted abuse attempts across its interfaces and features.
Actively Test Against Threat Vectors
Development standards, bug bounty programs, and automated code analysis all add value and can play a critical role in a sound, scalable security assurance program for IoT device development. However, these practices do not in-themselves provide the technical proficiency, holistic coverage, and prescriptive feedback of comprehensive security assessments for IoT systems.
A thorough security assessment of an IoT system should include testing vulnerabilities in the software and firmware of the device and looking for potential exploit paths from the services it interacts with. Denim Group’s security assessment services can provide extensive testing of risks beyond what many security standards encompass and provide significant security assurance.
Contact us to request an assessment for your IoT devices, or download our whitepaper on IoT medical devices to learn more about how our approach can be applied to fit the needs of specific industries.