Companies that develop IoT connected products often do not have sufficient internal resources to properly design for complete security from sensors to the cloud. This typically involves implementing a methodology to deal with vulnerabilities, risks and threats in all parts of the solution and planning for security management post-delivery of the connected solution.
Dublin-based secure hardware and software technology developer Firmwave has just made available a new IoT EST and validation service to help make sensors and gateways more secure.
“The world of connected products is full of examples of bad security,” said Mike Hibbett, End-to-End Security Architect at Firmwave. “Not least, several security flaws have been discovered in pacemakers, insulin pumps and other medical devices allowing hackers to turn them into fatal weapons.”
There are multiple potential points of failure in an end-to-end IoT solution: securing boot, firmware updates, device configuration, mutual authentication, key management, status reporting. Failure in any one of these can mean a complete system failure.
“We see particular security inadequacies with low-power edge sensors and gateway devices executing on low-cost microcontrollers,” added Hibbett. “This is why we are providing our IoT EST and validation services to make sensors and gateways more secure.”
To address these shortcomings in IoT end devices, Firmwave offers the following security testing and validation services to customers who extend or customize with the off-the-shelf Firmwave platform. The EST framework is readily available to partners who use their own in-house or third-party platforms in their connected solutions. The Firmwave IoT EST services offering includes:
- End Node Penetration Testing
- Secure Manufacturing and Provisioning at Scale
- Device Management Penetration Testing
- Data Management Penetration Testing
- Web and Mobile Application Penetration Testing
Firmwave provides a full security solution to securely connect and manage sensors and machines remotely. This removes complexity and allows the OEM organization to focus on its core business applications rather than security, connectivity, and device management infrastructure elements of a solution. Firmwave has licensed its secure hardware and software solutions to pioneers in IoT such as Intel, as well as medical and industrial connected device makers.
“The security advances now offered by the Firmwave platform will no doubt have a huge, positive impact for IoT developers and users globally,” said Sara Hill, SVP, Advanced Technologies, Enterprise Ireland. “We’re proud such technologies are being developed by an Irish company, and look forward to supporting Firmwave as they continue on the path of innovation.”