Metacube Software (India)
verification and validation
Smart yet flawed – The vulnerable IoT Devices
IoT is a global ecosystem of information and technologies connected to each other. The heterogeneous nature of this ecosystem has posed a huge challenge to many aspects of testing, especially security. An exponential increase in IoT devices’ usage across world has created a huge pressure to ensure security is not breached. The variety of smart devices available and the range of functions they do, presents countless ways of improving different industries and environments. While the “things” in the internet of things benefit homes, factories, and cities, these devices can also introduce blind spots and security risks in the form of vulnerabilities. Vulnerable smart devices open the integration points to attack and can weaken the overall security of the internet.
In this paper, I will explain why the IoT devices are considered vulnerable despite of companies spending billions of dollars on their security. We will discuss the main reasons as:
- IoT devices are equipped to perform limited computational abilities.
- Heterogeneous transmission technology.
- Components and not the device can be vulnerable.
- Lack of user awareness on security aspects.
I am introducing an innovative security test suite which caters both standard and context based security testing. It allows various security test cases to be executed in their varied environment conditions which mimic the real environments where these devices operate. This test suite is dedicated to comprehensive security analysis where devices from handhelds to wireless sensors can be tested. Data gets collected at all stages and stored as a log file for further analysis.
The three sections of this paper are as follows:
- Introducing IoT Vulnerability issues
- Deep dive into the challenges
- Proposed solutions to tackle the vulnerability issues
Vipin Jain has got 19 year experience in the IT industry. A Computer science, he has accumulated a deep knowledge in software projects, their methodologies and quality. He has dedicated the last 15 years of his professional career to Software Quality. Currently working with Metacube Software as Sr. Tech Lead QA, he is involved in establishing QCE at his company and is heading the delivery operations. An avid Speaker and writer, he loves speaking at conferences and delivered many presentations at national and international levels. He is member of Review Committees of various international organizations. He has presented papers all across world. Few of his papers got published in Testing Planet, Nov ‘14 issue, and Testing Planet magazine, in Nov ‘12 issue. He has a proven record of implementing and refining test processes for various clients across the globe. He is also involved in writing several books in Software engineering and web technologies