IBM Security recently announced the launch of two new security testing practice areas focused on automotive security and the Internet of Things (IoT). The new services will be delivered via a team of IBM X-Force Red researchers focused on testing backend processes, apps and physical hardware used to control access and management of smart systems.
The new IoT services will be delivered alongside the Watson IoT Platform to provide security services by design to organizations developing IoT solutions for all industries. With 58 percent of organizations testing their IoT applications only during the production phase, the potential for introducing vulnerabilities into existing systems remains unacceptably high. The Watson IoT Platform provides configuration and management of IoT environments, and the IBM X-Force Red services bring an added layer of security and penetration testing.
IBM X-Force Red marked its first-year anniversary with the addition of security specialists such as Cris Thomas (aka Space Rogue) and Dustin Heywood (aka Evil_Mog with Team Hashcat), who add to the team's impressive roster of talent globally. To further optimize their engagements, IBM X-Force Red has also built a password cracker called “Cracken” designed to help clients improve password hygiene.
“Over the past year, we've seen security testing further emerge as a key component in clients' security programs,” said Charles Henderson, Global Head of IBM X-Force Red. “Finding issues in your products and services upfront is a far better investment than the expense of letting cybercriminals find and exploit vulnerabilities. Our own investments in people, tools and expertise have more than tripled our security testing capabilities in the first year of IBM X-Force Red, making our offense our clients' best defense.”
Connected Car Security is a Global Priority
With the current and future security challenges to Connected Transportation in mind, IBM X-Force Red has created an automotive practice dedicated to helping clients secure hardware, networks, applications, and human interactions. IBM X-Force Red worked with more than a dozen automotive manufacturers and third-party automotive suppliers to build expertise and programmatic penetration testing and consulting services. The formation of the automotive practice aims to help to shape and share industry best practices and standardize security protocols.
The new automotive practice is also applying some of the findings from research disclosed by IBM X-Force Red early this year that notified consumers and the automotive industry of security pitfalls inherent in connected cars. The research looked at the insecure transfer of ownership between owners of some connected cars, which may create an opportunity for a malicious takeover of the functions of the vehicle, such as locking and unlocking of doors, remote start, light and horn control, and the ability to geo-locate the current owner through a mobile app.
Edited by Ken Briodagh