Securing IoT Mobile Apps with Pen Testing and Certification


One of the greatest advantages of IoT connected devices stems from the fact they can be managed remotely with mobile apps on smartphones and tablets. Individuals use IoT mobile apps to control home appliances and personal health devices on the go. Enterprises utilize them for supply chain management, security equipment and collecting data for production analysis. Even government agencies manage traffic data and control smart city equipment with the aid of IoT mobile apps.

IoT mobile app deployment grows faster by the day, as businesses and consumers alike continue to incorporate connected devices to aid daily activities and gain analytical insights. Whether a homeowner uses a Google Nest app to control the thermostat more efficiently or a warehouse employee uses digital sensors to manage inventory, IoT mobile apps provide convenience, improve productivity and simplify routine tasks. Not surprisingly, Statista predicts roughly 75 million IoT devices will be deployed by 2025.

IoT devices improve how we live and work, but unsecure mobile apps put users at risk. This is particularly true for businesses whose employees use IoT-connected mobile apps with their mobile devices. A NowSecure benchmark analysis of IoT-connected mobile apps found 76% leak private information on devices or over a network. Developers and business leaders should thoroughly understand the potential security and privacy vulnerabilities of IoT mobile apps.

The Risks of IoT Mobile Apps

Amazon Ring, one of the most widely used doorbell cameras in the world, allegedly leaked the credentials of more than 3,600 users. Multiple customers also reported hackers gained access to private cameras, in some cases extorting them for bitcoin. Voice control devices like Alexa and Google Home have become popular within households. However, some third-party mobile apps used to control IoT devices have allowed unauthorized users to eavesdrop on owners without their knowledge.

The consequences of IoT mobile app security vulnerabilities can be catastrophic if left unchecked. Software bugs allow threat actors to easily discover passwords or financial information stored insecurely. Insecure network communications enable threat actors to intercept private data transmitted by a mobile app. IoT mobile app vulnerabilities can also create entry points for intruders to gain access to private networks.

IoT devices can be created out of everyday items we wouldn’t immediately think to digitize. Smart toothbrushes help optimize brushing habits and set reminders with the help of mobile apps. Smart refrigerators send out automated reminders to homeowners to order groceries when items run low. Even medical devices like insulin pumps can be controlled via mobile apps on smartphones and tablets. As a result, threat actors have more avenues than ever to potentially exploit users through security vulnerabilities. Mobile app developers must design IoT mobile apps with security in mind from the start.

Introducing the ioXt Alliance

Simply telling customers IoT mobile apps are secure isn’t enough to instill confidence. Users need clear evidence that mobile app developers follow proper secure mobile development practices and test code for security and privacy vulnerabilities before releasing apps. As IoT mobile apps continue to be widely adopted, risk grows in parallel. Developers need to work with an ioXt-certified lab to obtain an independent analysis confirming their IoT mobile apps meet an ironclad level of security.

The ioXt Alliance certification program offers confidence that both IoT devices and IoT-connected mobile apps meet global standards for security. Backed by numerous technology and manufacturing companies, the ioXt Alliance offers the only industry-led IoT product security and certification program in the world.

Continuous Security and Compliance Testing

IoT mobile app makers can take a few steps to strengthen the security and privacy of their apps. First, they should adopt secure coding techniques from the start to reduce the likelihood of making mistakes. Next, organizations should use automated mobile application security testing throughout the software development lifecycle to pinpoint security bugs as they go, which speeds release cycles. And most importantly, they can obtain an additional level of confidence with ioXt certification testing. The ioXt certification gives users assurance that IoT mobile apps safeguard sensitive information, and it improves digital safety for all.

IoT device makers and IoT-connected mobile app developers must adapt to the evolving digital landscape in order to protect users and businesses from risk. Certification from authorized ioXt certification labs goes a long way to further security transparency and digital safety, and can provide you with a compliance report to show how secure (or unsecure) your mobile apps are.

About the author: As NowSecure Chief Mobility Officer, Brian Reed brings decades of experience in mobile, apps, security, dev and operations management including NowSecure, Good Technology, BlackBerry, ZeroFOX, BoxTone, MicroFocus and INTERSOLV working with Fortune 2000 global customers, mobile trailblazers and government agencies. At NowSecure, Brian drives the overall go-to-market strategy, solutions portfolio, marketing programs and industry ecosystem. With more than 25 years building innovative products and transforming businesses, Brian has a proven track record in early and mid-stage companies across multiple technology markets and regions. As a noted speaker and thought leader, Brian is a dynamic speaker and compelling storyteller who brings unique insights and global experience. Brian is a graduate of Duke University.

Edited by Erik Linask
