IoT Security Testing
IoT Security Testing is essential as the number of items connected to the internet increases dramatically each year. These “smart” devices include not only computers and phones but also devices such as children's toys, doorbells, light switches, fridges and building environment controls. These devices are often called the Internet of Things or “IoT”.
Currently, there is very little regulation or control on the way that devices connect to the internet. This can leave businesses and families vulnerable to possible attack, data loss and privacy invasion.
About IoT Security Testing
The majority of internet-connected devices don't clearly tell you how to change the default password, which can leave possibly thousands of devices using the same default password and compromises IoT security. Sometimes default passwords are as basic as 'admin', 'password', '1111' or no password at all. These types of security weaknesses lower the overall security of devices.
A recent report from the Internet Society which surveyed global consumers identified many concerns but also 'the trust opportunity'. The opportunity exists for manufacturers to differentiate themselves by offering proof of trustworthy behaviour and demonstrating steps have been taken to design security into their processes and products.
Working with experts from the IoT Security Foundation, IASME has defined a set of 30 checks which can be verified by a national network of certifying bodies such as ourselves. Some of these checks look for changing the default password, allowing the device to be updated, ensuring there is a vulnerability disclosure process in place and ensuring that credentials are sent securely over HTTPS/TLS.
If you go for the self-assessment, similar to the Cyber Essentials scheme, and you satisfy those checks, a certificate is issued to you, and you can use the Basic checkmark on marketing materials.
Why should you look at certifying your IoT product with this certification? Achieving this certification helps your business ensure that you are implementing best practices to secure your device, and gives your customers peace of mind that their product and home/business networks are going to stay as safe as possible.
This certification also helps businesses verify the IoT security of the internet-connected devices in their supply chain.
The IoT certification scheme is aligned with the ETSI technical standard for IoT security, EN 303 645, and with the proposed UK IoT security legislation and guidance. It is also mapped to the IoTSF Security Compliance Framework.
IoT Security: Certification levels
The IASME IoT Security certification is available in three tiers: Basic, Silver and Gold. The cost of the certification is currently £500 + VAT for any of the three tiers.
The Basic level is aligned with proposed UK legislation and covers the top three requirements of the ETSI standard.
The Silver level is aligned with the ETSI mandatory requirements and Data Protection provisions.
The Gold level is aligned with the ETSI mandatory requirements as well as all the additional ETSI recommended requirements and Data Protection provisions.
The IoT Security certification process is a simple set of questions, which allow the manufacturer to self-assess using the IASME online portal. The questions ask the manufacturer about the security controls which are in place on their IoT device and any associated services, such as a mobile app or APIs.
Sign up with Hedgehog and complete the online questionnaire.
A board member or equivalent senior member of staff must sign a declaration to confirm that all the answers are accurate.
Once certificated, you will receive a certificate and a badge that can be used to highlight your compliance.
You can download and review the questions by following the link. Please note, however, that if you would like to achieve the certification you will have to contact us so that we can set you up on the online portal and get you assessed.
As part of the self-assessment, you will need to have several policies in place to be compliant. IASME makes some of these policies freely available, which you can find here: https://iasme.co.uk/internet-of-things/helpful-templates/
Hedgehog Security places great emphasis on the quality, reliability, and security of the services it offers. We are fully regulated by CREST, the Council for Registered Ethical Security Testers, and are authorised to deliver Cyber Security Consulting along with Penetration Testing, Vulnerability Scanning and IT Health Checks.