Category Archives: IoT

The S in IoT stands for Security

Security in IoT has to be taken more seriously and not just as an afterthought once the device is compromised.  Why are there so many devices out there that are just wide open to the most basic hacks? Many have default passwords and don’t even use encryption. Whose responsibility is it to fix it and ensure in the future these devices are safe to have in our lives & houses and start the slow process of rebuilding consumer trust.

With the recent negative headlines regarding IoT devices being hacked and used as a mass weapon on other parts of the Internet, surely this is going to start effecting customer decisions on what products they buy? Who can they trust? Can they trust for example Philips smart light bulbs or Nest smart thermostat? Both companies have had recent issues regarding products being compromised

Is it not about time for the IoT industry to start to regulate or impose increased security on devices? Consumers want cheap devices and manufacturers are meeting this demand by producing low-end devices to ensure they can meet the price point, which usually means there is little investment in security within the device.  The recent DDOS attacks were caused by the Mirai malware, which tries a combination of 60 different usernames/passwords to gain access to a device. The result was the Dyn DNS services were hit by 10s of millions of IP addresses trying to flood its servers. Chinese manufacturer ‘Hangzhou Xiongmai Technology’, produces DVRs and internet-connected cameras, it has admitted it may have inadvertently played a big part in the recent attack due to the fact all its devices had weak passwords.  They have now started the task of trying to patch each of its products. Find out More

Who is going to start the slow process of rebuilding consumer trust in IoT devices? The only real answer has to be increased regulation but there is a current myriad of competing standards all fighting for top spot.  Whilst the industry waits for the governments and IoT consortiums to start the regulation process it has to be up to the IoT providers to ensure the quality and security of their products. They must ensure that products pass through a vigorous QA process and be verified against the latest security standards. There must also be consideration for ongoing maintenance of the products ensuring they are regularly updated depending on their criticality. IoT devices have to be developed with the same level of support as for example your laptop, just as the online threats are ever changing, then Microsoft are forever patching and blocking these threats. Based on risk levels then IoT devices should have ongoing support and maintenance to ensure they remain secure against the latest security holes.

Test and Verification Solutions (T&VS) IoT lab and certification process helps enable companies to ensure their products conform against the latest industry standards and QA & security testing best practices.

For more information see here

How to secure the future of IoT

The world of IoT security just became more complex. IoT devices are no longer a potential threat to their owners, now they pose a significant threat to everything connected to the Internet. Security features must be considered early in the design process to ensure the device is protected from the advanced cyber-threats they will be facing now as well as attacks that will be created in the future.

This article from SemiWiki describes how to overcome security challenges in the world of IoT and outlines what must be done to protect the lifecycle of IoT devices, from inception to retirement.

Read More


Find how T&VS IoT Certification process ensures products conform to the latest international standards and QA & security testing best practices.

Is IoT Really the New Wild West?

This weekend has seen many new headlines in the mainstream press regarding the recent botnet attack creating more fear and lack of consumer trust in IoT devices, headlines such as:

  • “Do you want your shower to help Russian hackers? “
  • “IoT-enabled botnet launches record 1.5Tbps DDoS attack!”

Just why are IoT devices so vulnerable and who is going to help fix the issues or is IoT really the new wild west.

Hijacking Internet Connected Devices

The botnet attack occurred as hackers were able to hijack a vast number of internet connected devices (such as IoT wifi routers / home cameras) which they then used to throw vast amounts of junk traffic at DNS services operated by US company Dyn. With the DNS service being down, hundreds of very popular websites were inaccessible including: Netflix, Twitter, GitHub, AirBnB etc.

Why were IoT devices used in such an attack?

The reason is simple, most of the devices have very limited security measures which meant the hackers could easily place their malware on to the devices. In a recent survey by HP it found that over 70 percent of the IoT devices and sensors examined were susceptible to one or more of the vulnerabilities in the OWASP Internet of Things Top 10. Over the last few years there has been many examples of security flaws in IoT devices such as the very public example of Osram Lightify smart bulbs that security experts found could enable hackers to breach home Wi-Fi networks. Nine flaws in the Home and Pro versions of Osram Lightify could let attackers gain access to home Wi-Fi network and activate the lights. Connected devices create an increased level of intrusion in our lives, generating new types and unprecedented quantities of data, raising further the importance of quality and security in such products.

Who is at Fault for IoT Security Vulnerabilities?

Consumer trust in IoT is already low but who is going to start to address the issues. Is it the responsibility of the consumer who owns the device to ensure it has the latest security patches? Is it the networks that allow the attacks to occur and could block the traffic? Is it the manufacturers who produce the products, should they be made to maintain updates for a period?

The problem with IoT is that consumers won’t fix it as they demand cheap products and manufactures are meeting this request with creating simple products, sometimes on a shoe-string. The only real answer has to be increased regulation but there is a current myriad of competing standards all fighting for top spot. Whilst the industry waits for the governments and IoT consortiums to start the regulation process it has to be up to the IoT providers to ensure the quality and security of their products.

The Solution

They must ensure that products pass through a vigorous QA process and be verified against the latest security standards. There must also be consideration for ongoing maintenance of the products ensuring they are regularly updated depending on their criticality. Unless these issues are addressed the only winners in the IoT wild west will be the hackers.

The T&VS IoT lab and certification process helps companies to ensure their products conform to the latest industry standards and QA and security testing best practices.

For more information see: T&VS IoT lab and certification

Find out more at the 52nd Test Management Forum

Mike Bartley Founder & CEO, TVS
Mike Bartley
Founder & CEO, T&VS

Mike Bartley, CEO and Founder of T&VS will expand on this discussion at the 52nd Test Management Forum taking place in London on Wednesday 26 October 2016.   Join us there.

Update: Presentation Slides Now Available

Abstract of talk:

The Internet of Things (IoT aka M2M) refers to an expanding network of interconnected internet-enabled devices. In the future everything will be connected, the current thinking is that only 2% of items in the world are connected and there is still 98% to go!  Estimates suggest that by 2020 there will be in the region of 50bn IoT devices – all talking with one another on a constant basis.

If you are a manufacturer, solution builder, or service provider, then how will you ensure that your solution works, will it stay connected to the different access points? IoT is going to drive the importance of interoperability between different markets/sectors and technologies. Customers today vote with their feet and are not loyal with poor performing products. How will you test your product with varying network conditions? How will your device work in the wild?

In this talk we will discuss what is required by a “IoT device testing lab” – e.g. conformance to all the standard protocols, connection with the standard network providers, some basic security testing?

We will also discuss whether we should consider an “IoT Kitemark” to provide some level of assurance?

Cyber security measures for IoT medical devices

With the incidents of healthcare-industry cyber attacks and data breaches increasing, the issue of medical devices that are connected via the Internet of Things (IoT) is exponentially increasing. This article from Electronic Specifier describes how to implement and integrate cyber security measures when developing healthcare IoT appliances.

Read More


Find out how T&VS Medical Testing services help to ensure better IoT Security in the healthcare industry.