IoT Center of Excellence
On top of the usual threats inherent to IT networks, applications, and cloud services, IoT devices can create a massive, distributed attack surface. Our CoE conducts ongoing research on this massive machine-to-machine (M2M) and machine-to-human world that includes anything from an industrial control system to medical devices to robotics. Our most recent research involved hardware and wireless attacks on Bluetooth and Z-Wave enabled “smart locks."
The combination of our strong crypto, embedded architecture, and software security analysis expertise allows us to hunt down security problems in our client’s IoT systems and deliver the training they need to build internal competency.
IoT Security Assessment
We provide full-stack analysis for your IoT systems and supporting infrastructure and can help properly design and assess IoT solutions at the physical, communications, and software levels.
IoT Computer-Based Training
We offer several courses for architects, developers and Testers/QA to ensure they consider countermeasures specific to embedded and cloud threats during each phase of development.
Our Embedded Curriculum covers:
- Impact of physical hardware access on threat model and attack surface
- Secure transmission and installation of firmware updates
- Improperly protected debug interfaces
- Attacks on hardware devices and embedded systems
- Protocol sniffing and reverse engineering
- Extracting sensitive data from memory
Security Innovation also has vast experience securing IoT systems including:
- Security requirements and design review for mission-critical application migration to the cloud
- Security analysis of cloud API gateways, middleware, multi-national infrastructure deployment, and data backup systems
- Penetration test of consumer cloud printing services
- Cloud application deployment review for an IoT Web Service
Our IoT clients include Applied Materials, APC, iRobot, Tyco, TIVO, APC, Boeing, Diebold, Rockwell Automation, and others.