Working Session
Speakers: Deral Heiland, Principal Security Researcher (IoT), Rapid7
With such a large number of IoT devices connected to our personal and corporate networks, and that number expected to keep expanding at an alarming rate, a strategic and focused effort is crucial to successfully secure today’s IoT-driven world. Meeting this goal requires a comprehensive security testing methodology for identifying and mitigating security vulnerabilities within IoT products. This methodology requires a holistic approach that focuses on the entire IoT product ecosystem, including hardware, firmware, network, radio frequency (RF) communication, mobile applications, and cloud and API environments, with a substantial focus on the inter-component communications and data flow within the product ecosystem.

During the presentation, attendees will learn about the IoT ecosystem components and the security implications of those interconnected components as they are guided through methodologies for holistic security testing of IoT products. Real-world security testing examples are discussed, covering common security issues identified across various segments of a typical IoT ecosystem and how each of those issues can impact the overall security posture of the entire IoT product’s ecosystem. Throughout the presentation, IoT security testing structure and methodology will be presented, along with industry best practices and the challenges, pitfalls, and lessons learned during the creation and implementation of an IoT security testing program. We anticipate this will help empower IoT manufacturers, consultants, and researchers to improve their approach and methods for building and testing IoT and other emerging technologies.
