Smart cars. Smart security cameras. Smart medical implants. Even the smart egg tray in your smart fridge. Everything around you is always connected and communicating, swapping data with other devices and uploading it to the global internet to help your automobile, home, factory, business, and body perform better. It's hard to argue IoT's popularity and pervasiveness—or its value.
But as these devices become more integral to our lives, the need to secure them grows at pace. Many are susceptible to vulnerabilities, yet, despite this, security teams often can't dedicate either the time or the expertise to secure connected devices on their own. Fortunately, you don’t have to do it alone. You’ve got Rapid7.
Whether you’re creating a new IoT product or deploying an IoT solution, our experienced and skilled consultants will help you identify risk and vulnerabilities, and apply solutions to mitigate security issues across your IoT ecosystem.
Rapid7 understands the complexity of IoT and connected systems and will assess the highest risk systems and communications, so you can focus on the entry points that matter. Working closely with your team, we’ll develop comprehensive threat models of your entire system that can evolve and live with your complete product lifecycle and help you identify and mitigate the most critical issues, as well as provide a document of your product’s security posture.
Device design consulting
Designing hardware is often the first step of a major project and can determine your limitations and weaknesses. This service provides your engineers with one-on-one time with our security consultants during design time. We offer consulting from the ground up so that hardware issues don’t become the Achilles heel of your software security architecture.
IoT penetration testing
Our penetration and system analysis testing goes beyond basic analysis to consider the whole ecosystem of the IoT technology, covering every segment and how each impacts the security of the whole. Our testing includes the IoT mobile application, cloud APIs, communication and protocols, and embedded hardware and firmware.
Rapid7 will examine the physical security and internal architecture of the device – including internal components – to determine the breadth and depth of its physical attack surface. This service may include component indication, firmware extraction, identification of test points, and reconfiguring the device’s hardware to bypass authentication, intercept traffic, and/or inject commands that may pose a significant risk to your organization and clients.
Rapid7 will test communications to and from the device. This includes testing the cryptographic security of encrypted transmissions, the ability to capture and modify transmissions of data, and fuzzing of the communication protocols. We will assess the security of communication protocols and determine the risk to your organization and clients.
Rapid7 will extract and examine the content of the firmware in an attempt to discover backdoor accounts, injection flaws, buffer overflows, format strings, and other vulnerabilities. We will also assess the device's firmware upgrade process for vulnerabilities and perform a secure boot review process to ensure that public key encryption and upgrade functionality is secure.
After an attack, getting information from anything more than device logs can be a non-trivial task. Rapid7’s hardware teams can assist in pulling information directly from a product. This service is focused mainly on criminal cases and law enforcement; often, IoT devices have tracking and recording capabilities not publicly exposed. Our incident response team can determine what information is available for use in an investigation.
Planes, trains, and automobiles – or any things that move – often have complex security requirements. And while many security companies simply add encryption or an IDS solution, this just increases overhead and costs without addressing the real problem. Rapid7 goes beyond understanding CAN, LIN, FlexRay, and other network protocols to provide assessments and recommendations that won’t affect your product's performance, but will solve your specific needs and concerns.
Deral Heiland, CISSP, has over 20 years of experience in Information Technology, and has held multiple positions including: Senior Network Analyst, Network Administrator, Database Manager, Financial Systems Manager and Senior Information Security Analyst. Over the last 8+ years Heiland’s career has focused on security research, security assessments, penetration testing, and consulting for corporations and government agencies. Heiland has conducted security research on numerous technical subjects, releasing white papers, security advisories, and presenting at numerous national and international security conferences including Blackhat, Defcon, Shmoocon, DerbyCon, Hackcon Norway, and Hack In Paris. Heiland’s commentary has appeared in several media outlets and publications including ABC World News, Bloomberg UTV, MIT Technical Review, MSNBC, SC Magazine, Threat Post and The Register.