IoT Inspector - Security Analysis for IoT Devices: a comprehensive set of tools and services that allows you to perform in-depth technical assessments of the firmware.
Most industrial sectors are undergoing a move towards digitization on an unprecedented scale. Most machines are now remotely connected, at least for monitoring purposes. Predictive maintenance is seen as the way to significantly reduce the cost of ownership. Beyond industrial production systems, everything that can host a sensor, either for self-monitoring or for checking the environment, can become connected.
The number of IoT (Internet of Things) devices is therefore increasing fast and reaching levels where it generates significant risks for the systems they are part of. One of the key issues is that they are being produced as industrial sensors rather than as internet devices. The default security level is therefore often below the required minimum.
Once the devices are deployed, there isn’t much support, and the firmware is highly likely not to be maintained properly, which makes exploitation easier for a possible attacker.
Creating a strong filtering and monitoring infrastructure to protect such numerous, geographically distributed, and connected systems may represent an excessively high cost.
From a business perspective, it then makes more sense to have a solid procurement process in place, requiring an in-depth assessment of future IoT devices. This implies being able not only to evaluate the seriousness of the IoT maker, and in particular its design and production processes, but also to check in detail the software running on the IoT device. If done manually, the latter will never be scalable. The challenge then becomes to have it performed by as many organisations as possible so that IoT makers have an incentive to provide the market with reasonably secure devices.
As part of the development of its Testing Platform, aimed at making some of the most critical tests affordable for a larger share of the ecosystem, the Cybersecurity Competence Center (C3) initiated a partnership with two European security companies, Sec Consult and IoT Inspector.
They are the creators and maintainers of “IoT Inspector”, a comprehensive set of tools and services that allows you to perform in-depth technical assessments of the firmware. Weaknesses such as the use of hardcoded credentials, outdated libraries, hidden connections to the maker’s systems, etc., can be uncovered and reported. This will definitely help to strengthen the procurement process by allowing an informed conversation with the provider.
Once the IoT devices are deployed, IoT Inspector will also make it possible to monitor the occurrence of possible mishaps, vulnerabilities or needs for updates.
In order to benefit from such a service, companies based in Luxembourg will be able to register on the C3 Testing Platform at testing.c3.lu, once it is online, and request a test. They will be guided through the process of providing the firmware to the testing platform and will get a comprehensive report once the assessments have been run.