Datasheet

Huge growth in connected devices, the Internet of Things, and home automation is revolutionising our day-to-day lives. The positive impact on work, entertainment, convenience, and communications is substantial, but there are also growing concerns regarding security and privacy. The Cyber Security division of Eurofins Digital Testing offers a Cybersecurity Assessment program for Connected Devices, to help address these concerns.

Challenges

The security measures in most connected devices are limited, in the consumer sector and in Industrial IoT. The level of risk awareness is relatively low among users and device manufacturers alike, when compared with IT and networking products. Any connected device can be a target for cyber criminals, from smart meters to industrial robots, and from smart lighting to baby monitors. Even simple devices can offer an entry point into networks where real damage can be done, or can be used to build a bot-net to carry out much wider attacks.

Frequently, time-to-market dictates the development cycles of new devices, with security a long way down the list of priorities. Reuse of modules and components can also introduce security vulnerabilities. And once devices are in the market it is often difficult or impossible to fix vulnerabilities.

There has been almost zero enforced regulation or guidance, from governments or business, relating to security of IoT devices, and even if consumers are aware of the risks there is rarely any indication when purchasing a device whether or not it is secure.

Cyber Security Assessment for Connected Devices

www.eurofins-cybersecurity.comcybersecurity@eurofins.com

Datasheet

Eurofins Solution

Eurofins Digital Testing has decades of experience in Cybersecurity, delivering security awareness programs, network and infrastructure assessments, and ethical hacking and testing services across many industries. Security testing of even apparently simple IoT devices is actually a complex process, but we offer a cost-effective assessment program that can be tailored to suit device types, use cases, and budget. Scoping an assessment begins with:

- The type of device: simple, complex, whether sensitive data is processed

- The extent of coverage required in the assessment, based on the environment in which the device operates

A wide range of assessment techniques and tools are applied, to address the attack surfaces and risk profile of each specific device, including:

- Network communication checks- Firmware vulnerability scan- Reverse engineering of firmware- Hardware hacking- Wireless communication checks- Serial communication checks- Targeted fuzzing tests- Mobile application spot checks- Connected service checks Whatever the scope of the assessment, a detailed report is provided on the level of security in the device and identifying any vulnerabilities or risks identified. Eurofins can provide supporting services to a help address any vulnerabilities and then retest.

Standards Alignment

Although there is virtually no regulation, or widely recognised certification schemes for consumer IoT, there are several developing standards and sets of guidelines. Legislation is starting to be seen in some jurisdictions, with limited scope.Where required, we can report the results of an IoT Device assessment with reference to one or more of the following published standards or guidelines, and if necessary focus the assessment accordingly.

- ETSI EN 303 645- UK Government (DCMS) Code of Practice for

Consumer IoT- IoT Security Foundation Compliance

Framework- OWASP IoT Top 10- NIST IR 8259- ENISA Baseline- CTIA Cybersecurity Certification Test Plan for

IoT Devices- California Bill SB-327- GDPR- And others…

Datasheet

www.eurofins-cybersecurity.comcybersecurity@eurofins.com

About Eurofins Cyber Security The Eurofins Cyber Security team has over 100 cyber security experts focusing on helping organisations to ensure the continuity of their business, processes and devices by resisting cyber threats. Eurofins Cyber Security is part of Eurofins Digital Testing, a global leader in end-to-end Quality Assurance (QA) and cyber security. We work with key high-technology businesses in the consumer electronics, software development, automotive, IoT, connected health and media markets. We are also part of Eurofins Scientific, which has more than 800 laboratories in 47 countries and over 45,000 employees worldwide. Since its foundation in 1987, Eurofins has grown to be a highly-regarded organization with a level of expertise that makes its operations the first call for businesses around the world who are looking for the highest standards in testing.

Contact Website: www.eurofins-cybersecurity.comEmail: cybersecurity@eurofins.com

Eurofins Cyber Security: Your trusted partner in Cyber Security