(Photo Credit: Joshua Sortino, Unsplash)

Author: Ash Wilson, Co-Chair, M3AAWG IoT Special Interest Group

Gartner forecasts that over 20.4 billion IoT devices will be in use by the end of 2020. These devices, while exciting, present complex security challenges that if produced without proper testing can leave sensitive information exposed to attack. As we continue to introduce new devices to the network, it's imperative that manufacturers and researchers implement testing methodologies that take a holistic view at the IoT device ecosystem to protect the privacy and security of companies and consumers alike.

Deral Heiland, Principal Researcher (IoT) at Rapid7, has developed a holistic approach to testing that focuses on the entire IoT ecosystem, rather than separate components. During M3AAWG’s 49th General Meeting Deral will lead a working session titled “Building a Comprehensive IoT Security Testing Methodology”, to help IoT manufacturers, consultants and researchers improve their methods and approach to building and testing the security of IoT devices.

This session will explore:

• How manufacturers, researchers and testers can implement testing that approaches IoT as an ecosystem –– rather than a standalone product –– to ensure that each independent component is secure.
• The different components within an IoT ecosystem, including Embedded Hardware, Management and Control Application, and Cloud Service APIs and Storage, as well as the data and communication flows between these different components. 
• Six focused testing areas to ensure the security of the entire IoT ecosystem: Cloud & Web APIs, Management & Control Applications, Network, Embedded Hardware, Firmware Analysis, and Radio Frequency (RF). 
• Industry best practices and real-world examples of testing in action to provide guidance on how to overcome common security issues within the IoT ecosystem.

Interested in learning more about IoT security testing and going in-depth on best practices to ensure the security of enterprise and consumer IoT devices? Join our IoT Security virtual session during M3AAWG’s 49th General Meeting Thursday, June 11 from 2:00-3:00 pm ET. Sign up here.