Menu

IoT FEATURE NEWS

Securing IoT Mobile Apps with Pen Testing and Certification

By

One of the greatest advantages of IoT connected devices stems from the fact they can be managed remotely with mobile apps on smartphones and tablets. Individuals use IoT mobile apps to control home appliances and personal health devices on the go. Enterprises utilize them for supply chain management, security equipment and collecting data for production analysis. Even government agencies manage traffic data and control smart city equipment with the aid of IoT mobile apps.

IoT mobile app deployment grows faster by the day, as businesses and consumers alike continue to incorporate connected devices to aid daily activities and gain analytical insights. Whether a homeowner uses a Google Nest app to control the thermostat more efficiently or a warehouse employee uses digital sensors to manage inventory, IoT mobile apps provide convenience, improve productivity and simplify routine tasks. Not surprisingly, Statista predicts roughly 75 million IoT devices will be deployed by 2025.

IoT devices improve how we live and work, but unsecure mobile apps put users at risk. This is particularly true for businesses whose employees use IoT-connected mobile apps with their mobile devices. A NowSecure benchmark analysis of IoT-connected mobile apps found 76% leak private information on devices or over a network. Developers and business leaders should thoroughly understand the potential security and privacy vulnerabilities of IoT mobile apps.

The Risks of IoT Mobile Apps

Amazon Ring, one of the most widely used doorbell cameras in the world, allegedly leaked the credentials of more than 3,600 users. Multiple customers also reported hackers gained access to private cameras, in some cases extorting them for bitcoin. Voice control devices like Alexa and Google Home have become popular within households. However, some third-party mobile apps used to control IoT devices have allowed unauthorized users to eavesdrop on owners without their knowledge.

The consequences of IoT mobile app security vulnerabilities can be catastrophic if left unchecked. Software bugs allow threat actors to easily discover passwords or financial information stored insecurely. Insecure network communications enable threat actors to intercept private data transmitted by a mobile app. IoT mobile app vulnerabilities can also create entry points for intruders to gain access to private networks.

IoT devices can be created out of everyday items we wouldn’t immediately think to digitize. Smart toothbrushes help optimize brushing habits and set reminders with the help of mobile apps. Smart refrigerators send out automated reminders to homeowners to order groceries when items run low. Even medical devices like insulin pumps can be controlled via mobile apps on smartphones and tablets. As a result, threat actors have more avenues than ever to potentially exploit users through security vulnerabilities. Mobile app developers must design IoT mobile apps with security in mind from the start.

Introducing the ioXt Alliance

Simply telling customers IoT mobile apps are secure isn’t enough to instill confidence. Users need clear evidence that mobile app developers follow proper secure mobile development practices and test code for security and privacy vulnerabilities before releasing apps. As IoT mobile apps continue to be widely adopted, risk grows in parallel. Developers need to work with an ioXt-certified lab to obtain an independent analysis confirming their IoT mobile apps meet an ironclad level of security.

The ioXt Alliance certification program offers confidence that both IoT devices and IoT-connected  mobile apps meet global standards for security. Backed by numerous technology and manufacturing companies, the ioXt Alliance offers the only industry-led IoT product security and certification program in the world.

Continuous Security and Compliance Testing

IoT mobile app makers can take a few steps to strengthen the security and privacy of their apps. First, they should adopt secure coding techniques from the start to reduce the likelihood of making mistakes. Next, organizations should tap automated mobile application security testing throughout the software development lifecycle to pinpoint security bugs as they go to speed release cycles. And most importantly, they can obtain an additional level of confidence with ioXt certification testing. The ioXt certification gives users assurance that IoT mobile apps safeguard sensitive information and improves digital safety for all.

IoT device makers and IoT-connected mobile app developers must adapt to the evolving digital landscape in order to protect users and businesses from risk. Certification from authorized IoXt certification  labs goes a long way to further security transparency and digital safety and can provide you with a compliance report to show how secure (or unsecure) your mobile apps are.

About the author: As NowSecure Chief Mobility Officer, Brian Reed brings decades of experience in mobile, apps, security, dev and operations management including NowSecure, Good Technology, BlackBerry, ZeroFOX, BoxTone, MicroFocus and INTERSOLV working with Fortune 2000 global customers, mobile trailblazers and government agencies.  At NowSecure, Brian drives the overall go-to-market strategy, solutions portfolio, marketing programs and industry ecosystem. With more than 25 years building innovative products and transforming businesses, Brian has a proven track record in early and mid-stage companies across multiple technology markets and regions. As a noted speaker and thought leader, Brian is a dynamic speaker and compelling storyteller who brings unique insights and global experience. Brian is a graduate of Duke University.




Edited by Erik Linask
Get stories like this delivered straight to your inbox. [Free eNews Subscription]


SHARE THIS ARTICLE
Related Articles

Rising Edge Computing Investments to Reach $350B by 2027, According to IDC

By: Alex Passett    3/27/2024

Worldwide spending on edge computing is expected to surge (and then keep going) for the foreseeable future, according to the International Data Corpor…

Read More

ZEDEDA Adds Lisa Edwards as New Board Member, Seeks Opportunities to Strengthen Operations and Scale

By: Alex Passett    3/26/2024

Earlier this morning, ZEDEDA announced the addition of Lisa Edwards to its board of directors.

Read More

An Existing IoT Collab, Emboldened: Digi International and Telit Cinterion Transform Solutions with 5G RedCap Integration

By: Alex Passett    3/25/2024

The ongoing industry collaboration between Digi International and Telit Cinterion signals strong support for the mainstream showcasing of 5G for IoT a…

Read More

Telit Cinterion's 5G LGA Modules, Powered by Snapdragon from Qualcomm, to Create a Big Leap in IoT Connectivity

By: Alex Passett    3/25/2024

Telit Cinterion recently unveiled its FE990B34/40 LGA family of modules, powered by the Snapdragon X72 5G Modem-RF System from Qualcomm Technologies, …

Read More

Embracing Innovation in Mining: The Role of Network-Aware Applications in the Digital Transformation

By: Special Guest    3/21/2024

Shabodi leverages private 5G network capabilities and enables the development of network-aware applications to enhance operational efficiency, automat…

Read More