IoT is a whole ecosystem that contains intelligent devices equipped with sensors (sensors) that provide remote control, storage, transmission and security of data. The Internet of Things (IoT) is an innovative solution in various areas such as healthcare, insurance, labor protection, logistics, ecology, etc. To unleash the full potential of using IoT devices, it is necessary to solve many problems related to standards, security, architecture, ecosystem construction, channels and device connection protocols. Today in the world, large organizations such as NIST, IEEE, ISO / IEC, and others make enormous efforts in addressing the issues of standardization, security, and the architecture of developed devices. Analysis of recent scientific research in the field of solving information security issues and data privacy of IoT devices showed positive results, but these methods and approaches are based on traditional methods of network security. The development and application of security mechanisms for IoT devices is a complex and heterogeneous task. In this regard, ensuring information security and the protection of sensitive data, as well as the availability of IoT devices, is the main purpose of writing this article. Given the above, many questions arise related to the security status of IoT devices, namely: What are the current standards and protocols for IoT? What are the requirements for ensuring information security of IoT devices? What security mechanisms do IoT devices have? What methods of testing IoT devices exist? Manufacturers and developers of IoT devices do not pay enough attention to security issues. With the development of cyber-attacks, attack vectors are becoming more sophisticated and aimed at several infrastructure elements at the same time. IoT infrastructure typically includes millions of connected objects and devices that store and share confidential information. Scenarios of theft and fraud, such as hacking and falsifying personal data, pose a serious threat to such IoT devices. Most IoT devices use the public Internet to exchange data, which makes them vulnerable to cyber-attacks. Modern approaches to information security often offer solutions to individual problems, when multi-level approaches offer increased resistance to cyber-attacks.
Challenges of testing IoT devices
To a request to name essential items, many would answer: food, a roof over your head, clothes … With one caveat: this was the case in the last century.
Since then, the species Homo Sapiens has accumulated needs. We need automatic sensors to control the lighting, not just switches, for smart systems to monitor health and car traffic. The list goes on … In general, we can make life easier and better.
Let’s try to figure out how all this Internet of things works before moving on to testing.
IoT testing
Content
What is the Internet of Things (IoT)?
Examples of IoT devices
# 1) Wearable technology:
# 2) Infrastructure and development
# 3) Health
Technologies that are present in IoT
IoT Testing
# 1) Usability:
# 2) IoT Security:
# 3) Network features:
# 4) Efficiency:
# 5) Compatibility testing:
# 6) Pilot testing:
# 7) Check for compliance:
# 8) Testing updates:
IoT testing challenges
# 1) Hard / soft
# 2) Device Interaction Model
# 3) Testing data coming in real time
# 4) UI
# 5) Network Availability
IoT Testing Tools
# 1) Software:
# 2) Hard:
Total
What is the Internet of Things (IoT)?
The Internet of things (or IoT) is a network that combines many objects: vehicles, home automation, medical equipment, microchips, etc. All these constituent elements accumulate and transmit data. Through this technology, the user controls the devices remotely.
Examples of IoT devices
# 1) Wearable technology:
Fitbit Fitness Bracelets and Apple Watch smart watches sync seamlessly with other mobile devices.
IoT – watches and bracelets
Itís easier to collect health information: heart rate, body activity during sleep, etc.
# 2) Infrastructure and development
The CitySense app analyzes lighting data online and turns lights on and off automatically. There are applications that control traffic lights or report on the availability of parking lots.
# 3) Health
Some health monitoring systems are used in hospitals. The basis of their work is indicative data. These services control the dosage of drugs at different times of the day. For example, the UroSense application monitors the level of fluid in the body and, if necessary, increases this level. And doctors will learn about patient information wirelessly.
Technologies that are present in IoT
RFID (Radio Frequency Identification), EPC (Electronic Product Code)
NFC (ìNear Field Communicationî) provides two-way communication between devices. This technology is present in smartphones and is used for contactless transactions.
Bluetooth It is widely used in situations where near-field communication is sufficient. Most often present in wearable devices.
Z-Wave. Low frequency RF technology. Most often used for home automation, lighting control, etc.
WiFi. The most popular network for IoT (file, data and message transfer).
IoT Testing
Consider an example : a medical system that monitors health status, heart rate, fluid content, and sends reports to healthcare providers. Data is displayed in the system; archives available. And doctors are already deciding whether to take medication for the patient remotely.
IoT architecture
There are several approaches for testing the IoT architecture.
# 1) Usability:
It is necessary to provide usability testing of each device.
A medical device that monitors your health should be portable.
Sufficiently thought out equipment is needed that would send not only notifications, but also error messages, warnings, etc.
The system must have an option that captures events, so that the end user understands. If this is not possible, event information is stored in the database.
The ability to process data and exchange tasks between devices is carefully checked.
# 2) IoT Security:
Data is at the heart of all connected devices. Therefore, unauthorized access during data transfer is not ruled out. From the point of view of software testing, it is necessary to check how secure / encrypted the data is.
If there is a UI, you need to check if it is password protected.
# 3) Network features:
Network connectivity and IoT functionality are critical. After all, we are talking about a system that is used for health purposes.
Two main aspects are tested:
The presence of a network , the possibility of data transfer (whether jobs are transferred from one device to another without any hitch).
The scenario when there is no connection . Regardless of the level of reliability of the system, it is likely that the status of the system will be ìofflineî. If the network is unavailable, employees of the hospital or other organization need to know about it (notifications). Thus, they will be able to monitor the condition of the patient themselves, and not wait for the system to work. On the other hand, in such systems there is usually a mechanism that saves data if the system is offline. That is, data loss is eliminated.
# 4) Efficiency:
It is necessary to take into account the extent to which the healthcare solution is applicable in specific conditions.
In testing, from 2 to 10 patients participate, data is transmitted to 10-20 devices.
If the entire hospital is connected to the network, this is already 180-200 patients. That is, there will be more actual data than test data.
In addition, it is necessary to test the utility for monitoring the system: current load, power consumption, temperature, etc.
# 5) Compatibility testing:
This item is always present in the plan for testing the IoT system.
The compatibility of different versions of operating systems, browser types and their respective versions, devices of different generations, communication modes [for example, Bluetooth 2.0, 3.0] is extremely important for IoT.
# 6) Pilot testing:
Pilot testing is a mandatory point of the test plan.
Only tests in the laboratory will allow us to conclude that the system is functional.
In pilot testing, the number of users is limited. They make manipulations with the application and express their opinion.
These comments turn out to be very helpful, they make a reliable application.
# 7) Check for compliance:
The system, which monitors the state of health, undergoes many compliance checks.
It also happens that a software product passes all stages of testing, but fails the final test for compliance [testing is carried out by the regulatory body].
It is more advisable to check for compliance with norms and standards before starting the development cycle.
# 8) Testing updates:
IoT is a combination of many protocols, devices, operating systems, firmware, hardware, network layers, etc.
When an update occurs – be it a system or something else of the above – rigorous regression testing is required. The overall strategy is being amended to avoid the difficulties associated with the upgrade.
IoT testing challengesIoT testing
# 1) Hard / soft
IoT is an architecture in which software and hardware components are closely intertwined. Not only software is important, but also hard: sensors, gateways, etc.
Functional testing alone will not be enough to certify the system. All components are interdependent. IoT is much more complicated than simpler systems [only software or only hard].
# 2) Device Interaction Model
Components of the network must interact in real time or close to real. All this becomes a single whole – hence the additional difficulties associated with IoT (security, backward compatibility and updates).
# 3) Testing data coming in real time
Obtaining this data is extremely difficult. The matter is complicated by the fact that the system, as in the described case, may relate to the health sector.
# 4) UI
An IoT network usually consists of different devices that are controlled by different platforms [iOS, Android, Windows, linux]. Testing is possible only on some devices, since testing on all possible devices is almost impossible.
# 5) Network Availability
Network connectivity plays an important role in IoT. The data rate is increasing. IoT architecture should be tested under various connection conditions, at different speeds. Virtual network emulators in most cases are used to diversify network load, connectivity, stability, and other elements of load testing . But the evidence is always new scenarios, and the testing team does not know where the difficulties will arise in the future.
IoT Testing ToolsIoT and software
There are many tools that are used in testing IoT systems.
They are classified depending on the purpose:
# 1) Software:
Wireshark : An open source tool. Used to monitor traffic in the interface, source / given host address, etc.
Tcpdump : This tool does a similar job. The utility does not have a GUI, its interface is the command line. It enables the user to flash TCP / IP and other packets that are transmitted over the network.
# 2) Hard:
JTAG Dongle: A tool similar to debuggers in PC applications. Allows you to find defects in the code of the target platform and shows the changes step by step.
Digital Storage Oscilloscope : checks various events using time stamps, power outages, signal integrity.
Software Defined Radio : emulates a transmitter and receiver for various wireless gateways.
IoT is an emerging market and many opportunities. In the foreseeable future, the Internet of things will become one of the main areas of work for tester teams. Network devices, smart gadget applications, communication modules – all this plays an important role in the study and evaluation of various services.
Total
The approach to testing IoT may vary depending on the specific system / architecture.
Itís difficult to test IoT, but at the same time itís an interesting job, since testers have a good place to swing – there are many devices, protocols and operating systems.
PS You should try out the TAAS format (“tests from the user’s point of view”), and not just fulfill the formal requirements.
—————
Smart watches, baby-sitters, wireless gadgets and devices such as, for example, a portable radio station have long been part of everyday life.
Hackers have already proven that many of these attacks on IoT are possible.
Many people in general first learned about IoT security threats when they heard about the Mirai botnet in September 2016.
According to some estimates, Mirai infected about 2.5 million IoT devices, including printers, routers and cameras connected to the Internet.
The botnetís creators used it to launch distributed denial of service (DDoS) attacks, including an attack on the KrebsonSecurity cybersecurity blog.
In fact, the attackers used all devices infected with Mirai to try to connect to the target site at the same time, in the hope of suppressing the servers and preventing access to the site.
Since Mirai was first published on the news, attackers launched other botnet attacks on IoT, including Reaper and Hajime.
Experts say that such attacks are most likely in the future.
The Internet of Things (IoT) can bring many advantages to modern life, but it also has one huge drawback: security threats.
In its 2018 IOT forecasts, Forroter Research notes: ìSecurity threats are a major concern for companies deploying IoT solutions – in fact, this is the main task of organizations looking to deploy IoT solutions.
However, most firms do not regularly prevent IoT-specific security threats, and business pressure suppresses technical security issues. î
IoT security risks can be even more significant on the consumer side, where people are often unaware of potential threats and what they should do to avoid threats.
A 2017 IoT security survey sponsored by Gemalto Security Provider found that only 14 percent of consumers surveyed consider themselves IoT-aware.
This number is particularly noteworthy because 54 percent of the respondents owned an average of four IoT devices.
And these IoT security threats are not just theoretical.
Hackers and cybercriminals have already found ways to compromise many IoT devices and networks, and experts say that successful attacks are likely to increase.
Forrester predicted: “In 2018, we will see more attacks related to IoT … except that they will increase in scale and loss.”
What types of IoT security threats will enterprises and consumers face in 2018?
Based on historical precedent, here are ten of the most likely types of attacks.
- Botnets and DDoS attacks
- Remote recording
The possibility that attackers can hack IoT devices and record owners without their knowledge is not revealed as a result of the work of hackers, but as a result of the work of the Central Intelligence Agency (CIA).
Documents released by WikiLeaks implied that the spy agency knew about dozens of zero-day exploits for IoT devices, but did not disclose errors, because they hoped to use vulnerabilities to secretly record conversations that would reveal the actions of alleged opponents of America.
Documents pointed to vulnerabilities in smart TVs, as well as on Android and iOS smartphones.
The obvious consequence is that criminals can also exploit these vulnerabilities for their vile purposes.
- Spam
In January 2014, one of the first known attacks using IoT devices used more than 100,000 Internet-connected devices, including televisions, routers, and at least one smart refrigerator to send 300,000 spam emails per day.
The attackers sent no more than 10 messages from each device, which makes it very difficult to block or determine the location of the incident.
This first attack was not far from the last.
IoT spam attacks continued in the fall with the Linux.ProxyM IoT botnet.
- APTs
In recent years, advanced persistent threats (APTs) have become a serious concern for security professionals.
APTs are carried out by funded and widespread attackers such as nation states or corporations that launch complex cyberattacks that are difficult to prevent or mitigate.
For example, the Stuxnet worm, which destroyed Iranian nuclear centrifuges and hacking Sony Pictures 2014, was attributed to nation states.
Because the critical infrastructure is connected to the Internet, many experts warn that APTs may launch a power-oriented IoT attack, industrial control systems, or other systems connected to the Internet.
Some even warn that terrorists could launch an attack on iOT, which could harm the global economy.
- Ransomware
Ransomware has become too common on home PCs and corporate networks.
Now experts say that it is only a matter of time before the attackers begin to block smart devices.
Security researchers have already demonstrated the ability to install ransomware on smart thermostats.
For example, they can raise the temperature to 95 degrees and refuse to return it to its normal state until the owner agrees to pay a ransom in Bitcoins.
They can also launch similar attacks on garage doors, vehicles, or even appliances.
How much would you pay to unlock your smart coffee pot first thing in the morning? - Data theft
Obtaining important data, such as customer names, credit card numbers, social security numbers, and other personal information, is still one of the main goals of cyber attacks.
IoT devices represent a whole new vector of attack for criminals looking for ways to invade corporate or home networks.
For example, if an improperly configured device or IoT sensor is connected to corporate networks, this can give attackers a new way to enter the network and potentially find the valuable data that they need.
- Home theft
As smart locks and smart garage doors become more commonplace, it is also more likely that cybercriminals can become real thieves.
Home systems that are not properly protected can be vulnerable to criminals with sophisticated tools and software.
Security researchers are unlikely to have shown that itís quite easy to break into a house through smart locks from several different manufacturers, and smart garage doors do not seem to be much safer.
- Communication with children
One of the most disturbing IoT security stories came from children.
One couple discovered that the stranger not only used his monitor for children to spy on their three-year-old son, this stranger also spoke with his child through the device.
Mother heard an unknown voice: ìWake up, boy, dad is looking for you,î and the child said that he was scared because at night someone was talking to him on an electronic device.
As more and more children’s gadgets and toys connect to the Internet, it seems likely that these frightening scenarios may become more common.
- Remote control of a vehicle
As vehicles become smarter and more accessible on the Internet, they also become vulnerable to attack.
Hackers have shown that they can take control of a jeep, maximize air conditioning, change the radio station, start the wipers, and ultimately slow down the car.
The news led to the recall of 1.4 million cars, but whitehat researchers, following the original exploit, said they discovered additional vulnerabilities that were not fixed by the Chrysler patch applied to the recalled cars.
Although experts say the automotive industry is doing a great job of ensuring vehicle safety, it is almost certain that attackers will find new vulnerabilities in such smart cars.
- Personal attacks
Sometimes IoT covers more than just devices – it can also include people who have connected medical devices implanted in their bodies.
An episode of the television series Homeland attempted a murder aimed at an implanted medical device, and former vice president Dick Cheney was so worried about this scenario that he turned off the wireless capabilities on his implanted defibrillator.
This kind of attack has not yet happened in real life, but it remains possible, as many medical devices become part of the IoT.
No comments:
Post a Comment