Keysight IoT Security Assessment
A recent report by Zscaler’s ThreatLabz revealed a 400% increase in IoT malware attacks in 2023
compared to the previous year.2 This increase is an indication of the expanding role IoT devices
play in our everyday lives. Additionally, research indicates that cybercriminals are targeting legacy
vulnerabilities, with 34 of the 39 most popular IoT exploits specifically directed at vulnerabilities that
have existed for over three years.
Are you adequately equipped to conduct comprehensive testing of IoT devices in the face of this
growing threat? Are you able to detect all vulnerabilities on your IoT devices?
Firmware analysis has never been an easy job due to the diversity and closed nature of the
environment. The absence of necessary interfaces and constrained hardware resources make
firmware invisible to network-based security tools. This invisibility makes firmware vulnerabilities
harder to detect and, consequently, more challenging to address.
Several institutions are leading the way to introduce cybersecurity standards and labeling
requirements for IoT devices. Notable examples include the European Telecommunications
Standards Institute (ETSI EN 303 645), the National Institute of Standards and Technology (NIST
IR 8425) in the United States, and the International Organization for Standardization/International
Electrotechnical Commission (ISO/IEC 27402).
1 Statista, 2023 IoT connected devices worldwide 2019-2030, https://www.statista.com/statistics/1183457/iot-connected-devices-worldwide/
2 Zscaler ThreatLabz 2023 IoT and OT Threat Report, https://www.zscaler.com/press/zscaler-threatlabz-finds-400-increase-iot-and-ot-malware-attacks-year-over-year-underscoring
As IoT cybersecurity standardization and labeling requirements intensify and compliance deadlines
loom, are you ready?
Over the years, there have been numerous high-profile IoT attacks across various industries. Even
back in 2007 when cyberattacks did not make the daily news, the Stuxnet IoT attack on an Iranian
uranium purification plant gained control of different machines, resulting in damage to uranium-
enrichment centrifuges. Five years later, in 2012, TrendNet's webcams were hacked, causing a
massive breach of privacy as live feeds from thousands of users' webcams were streamed online.
In November 2016, cybercriminals even took control of the heating systems in two buildings in
Finland, posing a significant risk to life.
In 2021, a breach involving 150,000 Verkada security cameras exposed day-to-day activities within
banks, government departments, and large corporations. These incidents not only raise concerns
about the security of IoT devices but also their potential impact on personal privacy.
More recently in 2023, Amazon was ordered to pay over $25 million to settle allegations that it
violated children's privacy rights with its Alexa voice assistant, and Amazon's doorbell camera unit
Ring was fined $5.8 million after giving employees unrestricted access to customer data.
These cases underscore the ongoing challenges surrounding IoT security and data privacy. It’s only a
matter of time before the next big cyberattack makes the headlines.
When you discover critical vulnerabilities, you must scramble to address flaws and rush updates,
while you potentially face brand damage, expensive recalls, and compliance risk. It is very difficult
to update devices in the field, and many will maintain factory default configurations, which
poses a security risk. Vulnerabilities often lurk in third-party systems-on-chip (SoCs). These
issues are notoriously difficult to find, and you often cannot fix them directly. We understand that
comprehensive IoT device testing may appear difficult and costly, and that you may be concerned
your organization does not have the right skills. That is where Keysight can help.
Unlike disparate solutions, which require users to assemble and separately manage multiple tools,
Keysight’s IoT Security Assessment combines traditional vulnerability assessment with
industry-leading protocol fuzzing and our new firmware analysis under an integrated user interface (UI)
or REST API. This solution also includes comprehensive reporting on discovered security flaws.
Those include Open Web Application Security Project (OWASP) vulnerabilities such as weak
authentication and encryption, expired certificates, Android vulnerabilities and Android Debug Bridge (ADB)
exposures, known common vulnerabilities and exposures (CVEs), and embedded flaws in protocol
stacks. Additionally, our new automated IoT Firmware Analysis module provides insight into the
software bill of materials and vulnerabilities of IoT firmware, along with actionable steps to improve it.
Figure 1 is an example of the user interface showing recent scenarios. With a simple press of a
button, you can run automated tests to see the results and re-run tests that fail.
See a demo of how the IoT Security Assessment tool can simulate a potential attack on
a pulse monitor: https://www.keysight.com/us/en/assets/3123-1478/demos/healthcare-demo.mp4.
IoT Security Assessment is a modular, expandable system supporting a very large range of tests.
The system tests for multiple security flaw parameters, from firmware and Bluetooth protocol
vulnerabilities embedded in the supply chain to weak passwords and outdated encryption. It applies
across a wide spectrum of use cases.
• Analyzes binary firmware files to generate a Software Bill of Materials (SBOM), detect vulnerabilities
and weaknesses, and identify potential 0-days.
Protocol Fuzzing
• Provides industry-leading fuzzing, which accelerates discovery of unknown flaws in protocol
stacks and chipsets.
Vulnerability Assessment
Compliance Testing
• Evaluates target against specific requirements such as encryption, open ports, certificate
validation.
Firmware Analysis
Traditional security assessment solutions typically focus on network and application vulnerabilities,
leaving the firmware relatively unchecked. This oversight can lead to significant security risks, as
attackers may exploit firmware vulnerabilities to gain unauthorized access or control over devices.
Given the critical role of firmware, a dedicated approach to firmware analysis is necessary.
Our new Firmware Analysis module addresses this gap. The solution identifies vulnerabilities
directly within the device's operating code. This includes extracting the Software
Bill of Materials (SBOM) to uncover associated vulnerabilities, detecting hard-coded credentials
that pose unauthorized access risks, pinpointing configuration flaws, identifying weak or expired
cryptographic keys and certificates, and finding vulnerable scripts and binary code.
The following table highlights just a few examples of our protocol and application layer tests.
Wi-Fi
• Wi-Fi Capture Deauth, Wi-Fi – Capture Assoc, Wi-Fi – Crack Password with Pcap file
• Wi-Fi – PoC of CVE-2019-15126 kr00k vulnerability, Wi-Fi – Encryption check
• Wi-Fi Exploit - Zero PMK attack, Wi-Fi Exploit - EAP client crash
CAN bus
• CAN Identify Modules, CAN – Get DTCs, CAN – Read DIDs
• CAN – Check Auth Seed, CAN Flood, CAN Send Message
• CAN Probe, CAN Get Vehicle Info
Android Debug
• Adb – List Devices, Adb – Reboot, Adb – Screenshot, Adb – Read File
• Adb – Check Root, Adb – List Apks, Adb – Download File
• Adb – Popup, Adb – Apks Vulnerability Scan, Adb – List system users
TLS/SSL
• TLS/SSL Analyzer – Run all scans, TLS/SSL Analyzer – TLS v1.0 Ciphers Scan
• TLS/SSL Analyzer – SSL v2.0 Weak Ciphers Scan
• TLS/SSL Analyzer – SSL v3.0 Weak Ciphers Scan
IoT Security Assessment combines a complete suite of IoT testing, including automated firmware
analysis, vulnerability assessments, and protocol fuzzing, under an integrated user interface (UI) or
REST API. This comprehensive cybersecurity assessment solution ensures users are protected when
IoT devices are shipped to market. The product not only analyzes firmware that operates with an
underlying operating system but also stands out in the market by offering a specialized analysis
for Bare-Metal and Monolithic firmware. This unique capability allows us to extend our security
assessments beyond traditional firmware analysis. The Bare-Metal and Monolithic firmware analyzer
employs static code analysis and targeted code emulation techniques, enabling it to identify a wide
range of vulnerabilities.
Device manufacturers and vendors can use our automated IoT testing and validation platform to
comply with international cybersecurity standards such as ETSI EN 303 645 and country-specific
labeling requirements such as the Cyber Trust Mark.
With 20+ years of network and security excellence, our global Application and Threat Intelligence
(ATI) Research Center keeps current on all the latest threats. Our global ATI team of security analysts
monitors and analyzes emerging threats to help you stay a step ahead of cybercriminals.
As our team discovers new vulnerabilities and attacks, we keep IoT Security Assessment up to date
to incorporate emerging threats and additional functionalities. The security landscape is constantly
shifting, with a nonstop stream of new threats and vulnerabilities for device manufacturers to
contend with. Fortunately, Keysight has a solid track record and extensive experience in assessing
the security of networked devices.
Keysight is a member of multiple industry standards bodies, including the Technological Advisory
Council (TAC) for the Federal Communications Commission (FCC) and industry consortia (IOWN,
NextG Alliance, QED-C). We are also a member of the O-RAN Alliance WG11, creating automated
cybersecurity certification testing for WG11 standards.
Keysight is one of only a few select technology vendors and the only testing solution provider invited
to participate in a 2023 White House initiative to improve IoT security. The U.S. Cyber Trust Mark for
consumer IoT devices, an IoT labeling program, outlines a set of cybersecurity standards for smart
devices that requires devices to pass cybersecurity tests and provide data usage transparency. The
National Institute of Standards and Technology (NIST) and the Federal Communications Commission
(FCC) devised the cybersecurity standards for the program.
Figure 3 shows the Keysight IoT Security Assessment for automated IoT compliance testing. For
certain compliance testing requirements, you can see the severity of your devices' vulnerabilities
and whether they pass or fail, which can help you certify your IoT devices.