IoT products security compliance
As the Internet of Things (IoT) grows in popularity, the market is gradually filling with so-called “smart” devices. Because they are interconnected, IoT products can also be seen as gateways between the public space (the Internet) and the personal networks of end users. It is therefore easy to see why attacking a weak IoT product is an attractive and easy way of gaining access to a private or business network, and with it to all the assets inside that network. Moreover, a large part of these IoT products are aimed at citizens who may not be aware of the associated risks. In this case, the responsibility for enabling security in the off-the-shelf product lies with the manufacturers, who can rely on relevant standards, frameworks or best practices in order to control and minimize the security risks.
Secura is actively involved in standardization activities and is a member of recognized cybersecurity organizations. This is why we can provide you with a clear overview of the most relevant publications addressing IoT cybersecurity issues.
We base our assessment on the internationally recognized IoT security framework from the IoT Security Foundation. As an additional service, we complement this framework with other publications such as the OTA IoT Framework, the GSMA IoT guidelines and checklist, the OWASP IoT testing guide and others.
The world of IoT products is very wide, ranging from simple consumer IoT products (smart TVs, home assistants, smart lights, etc.) up to industry-specific products such as connected medical devices or automotive applications. We therefore understand that the selection of assessment requirements is a very important step that should match your device type and use case. After this tailored selection step, we validate the product’s security functions, as well as the processes related to its development, through testing, document review or audit activities. Examples of security functionalities which can be tested are Secure Boot, debug interfaces, the random number generator, signature validation, public key management, and data input verification.
As a result of the assessment, we put the conclusions into the form of an Assurance Report, devised in line with internationally recognized assurance standards such as ISAE 3000. This will enable you to showcase the security of your product, which could lead to a significant market advantage.
For more detailed information about our IoT security services, please check our dedicated IoT products factsheet.