“With billions of IoT devices in use and more on the way, security testing is more critical than ever to address new threats and evolving regulations.”
Definitely true. The global IoT device market is dynamitic, with notable spikes in growth due to the rise in more confident adoptions of IoT-centric solutions. According to a new report, the project market value is expected to reach $413.7 billion by 2031. That’s a lot of green being thrown at IoT; with more investments on the horizon, so unfortunately too are IoT device vulnerabilities being exploited. Per the report, roughly 57% of devices are at risk of what are classified as both medium-risk and high-severity attacks. Thus, those manufacturing IoT devices are increasingly in need of assessment tools to securely and consistently identify and remediate device security vulnerabilities.
One specific component of a comprehensive security assessment is known as fuzzing or fuzz testing. (We’ll refer to it as the former.) Fuzzing connotes software testing that purposefully injects invalid, malformed, or unexpected inputs into a device in order to reveal hidden defects or less-obvious vulnerabilities. The goal of fuzzing is legitimately to stress applications and cause unexpected behaviors, resource leaks, and crashes – better executed by responsible security teams than bad actors, we’d say.
So, as the quote above specified, security testing (including fuzzing) is critical.
That’s why Keysight Technologies, Inc. and Synopsys, Inc. have now partnered to readily provide IoT device manufacturers with a strong cybersecurity assessment solution that can protect consumers when devices are shipped to market.
Key to this Keysight-Synopsys collab is the Keysight IoT Security Assessment solution, and how the Synopsys Defensics fuzzing tool will be embedded as an option for it.
With Defensics added to Keysight’s solution, thorough vulnerability assessment and resolution capabilities are blended with a versatile “fuzzer” (i.e. fuzzing methods) that can analyze more than 300 distinct protocols used across myriad industries to quickly test for unknown vulnerabilities and potential weaknesses.
Per the Keysight-Synopsys official announcement:
“In addition to reporting security flaws uncovered through fuzzing, the solution detects potential exploits resulting from weak authentication and encryption, as well as expired certificates, Android vulnerabilities and Android Debug Bridge (ADB) exposures, known Common Vulnerabilities and Exposures (CVEs), and embedded flaws in protocol stacks, such as Bluetooth Low Energy attacks like Sweyntooth and Braktooth.”
“Securing IoT devices against brutal attacks has become exponentially more difficult for manufacturers with the demand for new devices and increased functionality,” said Ram Periakaruppan, Vice President and General Manager, Network Test & Security Solutions at Keysight Technologies. “By partnering with Synopsys to add their best-of-breed fuzzing tool, Keysight can provide device makers with a comprehensive security testing solution to identify previously unknown protocol stack vulnerabilities in their devices while assessing them for known threats, all from a single, easy-to-use interface.”
And Scott Johnson, Vice President of Product Management for the Synopsys Software Integrity Group – notably, the person credited with this article’s beginning quote – also stated, “Our collaboration with Keysight will provide a valuable solution for customers that combines hardware and Defensics fuzz testing software to conduct automated IoT security testing.”
A cost-effective way to test IoT devices in unique ways to find faults and prevent undue problems. Sounds like a plan.
Edited by
Greg Tavarez
