사이버 보안

Identifying the Top Device Threats of 2022

2023년 3월 8일 · 1 분 소요

Spirent SecurityLabs’ extensive experience in testing a range of environments combined with Spirent’s industry-leading expertise in device penetration testing, offer an overview of the top device threats of 2022 in a detailed report highlighting the potential impact of these vulnerabilities.

As the presence of IoT devices continues to rise across a range of industries, with no end in sight, so too does the myriad of attack surfaces. This means organizations face a range of security requirements for IoT devices in networks, their systems, services, firewalls, IDS, IPS solutions, and more. All must be secure. To achieve that end, the devices must be tested effectively.

IoT devices have a variety of testing requirements for security assurance which include these categories:

Device networks
Device application, API, and cloud
Device hardware
Device mobile interface

Spirent SecurityLabs device testing

Spirent’s IoT security consultants are industry-recognized experts and have attained certification from a broad range of standards bodies and industry consortiums. Spirent is a CTIA authorized test lab for IoT Cybersecurity Certification. Their customer base covers a broad field of industires and use cases. Their critical mass of findings each year provide industry leaders bellwether indicators of trends in security vulnerabilites.

The device security framework of Spirent SecurityLabs evaluates authentication and authorization, firmware update mechanisms, security of interfaces, and device penetration testing methodology to discover configuration weaknesses and uncover exploitable vulnerabilities in the following areas:

Obtaining unauthorized access to sensitive data
Making unauthorized changes to data or program
Bypassing authentication and authorization mechanisms
Elevation of privilege
Code injection
Service crashes
Memory leaks
Input validation weaknesses
Serialization issues
Man-in-the-middle (MITM) attacks

SecurityLabs findings: The top device vulnerabilities

The top device vulnerabilities found by SecurityLabs in 2022 were:

Unencrypted communications
Hardcoded cryptographic keys
Reprogrammable components
Insecure boot process
Weak and non-standard cryptographic algorithms
Weak and common credentials
Unencrypted storage
Accessible serial console
Outdated software
Insecure APIs
High privileged running services

To learn about potential impact of vulnerabilities on devices and more, read the 2022 Device Threat Report.

콘텐츠가 마음에 드셨나요?

여기서 블로그를 구독하세요.

블로그 뉴스레터 구독

태그: 사이버 보안, 5G, 보증, 자동화, 클라우드 & 가상화, Communication, 디바이스 & 서비스, 정부, 방위 및 항공우주, 기업, IoT, 모바일 네트워크, Spirent 서비스

Sameer Dixit

VP, Security Consulting

Sameer is Vice President of Security Consulting at Spirent Communications, leading the Spirent SecurityLabs ethical hacking and security research team. Sameer is recognized a leader in cyber security, with 20 years’ of experience in penetration testing and security research. Sameer has contributed research for leading industry groups such as OWASP and CTIA, and regularly contributes on security-related topics to leading publications and outlets such as Security Week, Business Insider, ZDnet, SC Magazine and Security Boulevard. He has also spoken at cyber security conferences such as DefCon, CyberSecurity Chicago, BlockCon, MilCis, Arm Tech Con, SINET Innovation Summit and IoT Slam etc. on security trends related to the emerging web, mobile communications, IoT, Cloud, 5G and the automotive industry. Prior to Spirent, Sameer has worked for a number of leading security companies, including Trustwave-SpiderLabs and Cenzic Inc., where he led the incident response, penetration testing, vulnerability scanning and managed security testing services team.