There are almost 19 billion connected Internet of Things (IoT) devices all around the world, with the market expected to grow to 40 billion by 2030. Regardless of industry, connectivity has proven to be key in driving innovation, achieving compliance, and ensuring accountability.
Along with this growing reliance on IoT devices for manufacturing, industrial automation, energy metering, and life safety comes another growing challenge: cybersecurity.
As an industry-leading IoT and IIoT solutions provider, we take cybersecurity very seriously, which is why we continually put our cloud-based Software-as-a-Service (SaaS) platform, MSA Grid, through regular and rigorous third-party penetration testing.
But did you know that to help protect our customers from security vulnerabilities and breaches, we also put our FieldServer gateways through hardware penetration testing?
Keep reading to learn more.
What is hardware penetration testing?
A hardware penetration test (sometimes called a “pen test”) is a lot like a checkup for your health or your vehicle. It’s a best-practice assessment designed to identify potential issues so they can be addressed and corrected before becoming a more serious problem.
In addition to our in-house security teams, MSA uses independent, unbiased third-party security professionals for penetration testing. These penetration testers launch real-world-inspired, simulated attacks on the design, firmware, and communication interfaces of our FieldServer gateway devices.
Essentially, they’re looking to find a way “in” through our devices by mimicking actual attacks. They also assess our hardware for potential vulnerabilities and identify opportunities for cyberhackers to gain access to networks, devices, and systems through our devices.
In a medical or automotive checkup, the diagnosing professional typically recommends a course of action, including changes, repairs, and perhaps an overhaul. The same is true for hardware penetration testing.
Penetration testing enables us to learn how hackers could breach our hardware. So, essentially, we’re getting insider information to use against malicious actors. Our penetration testers provide us with a detailed report that outlines their findings and recommendations for strengthening security.
In addition to mitigating vulnerabilities, we use the findings from our penetration tests to inform the design of future iterations of our industry-leading gateways.
Common Vulnerabilities in IoT Gateway Hardware
Third-party penetration testing is crucial for any connected device that has security or privacy implications. This includes such devices as IoT sensors, embedded systems, routers, and industrial and automation controls.
Here are some examples of potential hardware vulnerabilities that penetration testing may uncover:
Weak Authentication
This vulnerability opens the potential for unauthorized access. That’s why default usernames and passwords should always be changed. Other best practices include implementing strong password policies and employing added verification steps.
Insecure Communication
To prevent interception or tampering, it’s important to encrypt data, ensure proper security certificates, and employ strong, updated protocols.
Outdated Firmware or Software
One of the best ways to avoid this type of exposure is to use hardware devices like FieldServer, which enable automatic updates to be downloaded and installed in a timely manner.
Misconfigurations and Default Settings
Even the most secure systems can be breached through unnecessarily exposed network services, insecure default configurations, and permissive access and authorization controls.
Lack of Encryption on Data Storage and Transfer
Failing to properly encrypt sensitive data—including data at rest and data backups—can leave data vulnerable to unauthorized access.
The Hardware Penetration Testing Process
Although penetration methodologies vary, our testing partner follows industry best-practice standards for testing, including a very specific methodology that consists of phases and tests ranging from information gathering to identity management testing to authentication testing.
In addition, our testing service employs a classification methodology based on the OWASP Risk Rating Methodology. This means that each finding is analyzed for likelihood and impact, then rated for severity on a scale of 1 to 9.
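How likelihood and impact combine into a severity under the public OWASP Risk Rating Methodology, as an added example (not the testing partner's own scoring; how their 1-to-9 scale is derived is not described here). The two sample findings and their factor scores are constructed.

```python
# Added example: public OWASP Risk Rating Methodology, not the testing partner's scheme.
LIKELIHOOD = ("skill_level", "motive", "opportunity", "size",        # threat agent
              "ease_of_discovery", "ease_of_exploit", "awareness",   # vulnerability
              "intrusion_detection")
IMPACT = ("confidentiality", "integrity", "availability", "accountability")  # technical

# OWASP overall severity matrix: SEVERITY[impact_level][likelihood_level].
SEVERITY = {
    "HIGH":   {"LOW": "Medium", "MEDIUM": "High",   "HIGH": "Critical"},
    "MEDIUM": {"LOW": "Low",    "MEDIUM": "Medium", "HIGH": "High"},
    "LOW":    {"LOW": "Note",   "MEDIUM": "Low",    "HIGH": "Medium"},
}

def average(factors, names):
    """Average the named 0-9 factor scores, rejecting missing or out-of-range values."""
    missing = [n for n in names if n not in factors]
    if missing:
        raise ValueError(f"missing factors: {missing}")
    values = [factors[n] for n in names]
    if any(not 0 <= v <= 9 for v in values):
        raise ValueError("factor scores must be between 0 and 9")
    return sum(values) / len(values)

def level(score):
    """OWASP buckets: below 3 is LOW, 3 to below 6 is MEDIUM, 6 to 9 is HIGH."""
    return "LOW" if score < 3 else "MEDIUM" if score < 6 else "HIGH"

def rate(finding):
    """Return averaged likelihood and impact plus the matrix severity for one finding."""
    likelihood = average(finding["likelihood"], LIKELIHOOD)
    impact = average(finding["impact"], IMPACT)
    return {"likelihood": likelihood, "impact": impact,
            "severity": SEVERITY[level(impact)][level(likelihood)]}

# Constructed sample findings (not taken from any real report).
FINDINGS = {
    "default web credentials left enabled": {
        "likelihood": dict(zip(LIKELIHOOD, (6, 4, 7, 6, 7, 9, 9, 8))),
        "impact": dict(zip(IMPACT, (7, 7, 5, 7))),
    },
    "version banner on debug port": {
        "likelihood": dict(zip(LIKELIHOOD, (3, 1, 4, 2, 3, 1, 3, 3))),
        "impact": dict(zip(IMPACT, (6, 5, 1, 4))),
    },
}

if __name__ == "__main__":
    for name, finding in FINDINGS.items():
        print(name, rate(finding))
```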
In general, here are some of the key aspects of hardware penetration testing:
- Firmware analysis: This inspection includes looking for hidden backdoors or weak spots that could be exploited. It can also include identifying things that are not adequately secured, such as hard-coded passwords or update processes.
- Side-channel attacks: This involves examining non-typical aspects of the hardware, such as how much power a device is using or the electromagnetic signals it gives off. Believe it or not, these seemingly innocuous things could reveal sensitive information like encryption keys.
- Physical access: To determine how well the hardware is protected against tampering, this testing includes a check of every physical aspect of the hardware.
- Communication interfaces: With this test, USB ports, Bluetooth connections, and Wi-Fi capabilities are put under a proverbial microscope to ensure that they’re using secure protocols and proper authentication.
FieldServer Hardware Security
Here’s a look at a few of the most important ways we’re securing our FieldServer gateway devices:
- FieldServer validates the filename of the firmware to be downloaded to the hardware. By only allowing authorized and unaltered firmware to be loaded on the FieldServer, FieldServer will resist a path traversal attack.
- In addition to requiring a unique password for logging in to our embedded web interface, the FieldServer employs three levels of security: (1) HTTP, (2) HTTPS – SSL certificate, and (3) HTTPS – SSL self-signed certificate (the highest level of security).
- Coming soon, FieldServer will include a Trusted Platform Module (TPM) that stores RSA encryption keys specific to the host system for hardware authentication. The TPM will check that the firmware download has an appropriate RSA encryption key. If not, the firmware download will not be installed.
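The filename validation described in the first item above, sketched as an added example (not FieldServer's actual code). The staging directory, the `.bin` naming policy and the function names are assumptions.

```python
# Added example: hypothetical upload-name check, not FieldServer's actual code.
import os
import re

FIRMWARE_DIR = "/var/firmware/incoming"   # assumed staging directory
# Assumed naming policy: one path component, safe characters only, fixed extension.
NAME_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,63}\.bin")

def safe_firmware_path(filename, base_dir=FIRMWARE_DIR):
    """Return the path a firmware upload may be written to, or raise ValueError."""
    if not isinstance(filename, str) or "\x00" in filename:
        raise ValueError("invalid filename")
    # Allowlist first: separators, '%' escapes and backslashes never match NAME_RE.
    if not NAME_RE.fullmatch(filename) or ".." in filename:
        raise ValueError("filename not allowed")
    base = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(base, filename))
    # Defence in depth: after resolving symlinks the target must stay in the
    # staging directory, so a planted link cannot redirect the write elsewhere.
    if os.path.commonpath([base, target]) != base:
        raise ValueError("path escapes firmware directory")
    return target

def is_allowed(filename, base_dir=FIRMWARE_DIR):
    """Boolean wrapper for logging or tests."""
    try:
        safe_firmware_path(filename, base_dir)
        return True
    except ValueError:
        return False

if __name__ == "__main__":
    # Constructed sample names.
    for name in ("fieldserver_2.1.0.bin", "../../etc/passwd", "fw/../x.bin",
                 "..\\..\\boot.bin", "%2e%2e%2fx.bin", "update.bin\x00.txt"):
        print(repr(name), "accepted" if is_allowed(name) else "rejected")
```

A name check like this only constrains where the file lands; whether the image itself is authorized is a separate check on its contents.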
Conclusion
The main goal of hardware penetration testing is to ensure that appropriate security controls exist within our hardware to help preserve the integrity, confidentiality and availability of information and resources.
In addition to general network and system security experience, our third-party penetration testing partner has specific, in-depth expertise in many critical infrastructure environments, including operational control systems such as Supervisory Control and Data Acquisition (SCADA) systems.
Keep in mind, however, that security protocols don’t stop with penetration testing. It’s up to our team of expert engineers to synthesize the penetration test findings, prioritize the vulnerabilities, and develop a comprehensive mitigation plan. Equally important is that the end users of our gateway products have their own security measures in place.
Remember, securing connected devices is vital to protecting network, automation, and other operational systems from attack. Contact us if you need help, have questions, or want to learn more about the security of our FieldServer gateway solutions.
More IoT Cybersecurity Resources
- Cybersecurity for Connected Automation: A Special Report for Design Engineers
- Cyber Safety: How MSA FieldServer Strengthened Security
- Understanding Security of the MSA Cloud
Sources:
IoT Business News. (2024) State of IoT 2024: Number of connected IoT devices growing 13% to 18.8 billion globally.
OWASP.org. OWASP Testing Guides.