Driven by advances in semiconductor manufacturing processes and increasingly robust cloud services, the adoption of Internet of Things (IoT) devices is growing steadily. As a result, many security incidents that caused significant losses have occurred due to insufficient product security, such as the Mirai Botnet that occurred in 2016. The reason for the virus outbreak is that the product does not ask consumers to change their management password after the first login. Such a product design flaw enables hackers to easily gain control of hundreds of thousands of web cameras worldwide. They can not only control these web cameras, but also launch high-volume DDoS attacks on specific targets, making the targeted website unable to provide services.
The government has also noticed the security issues of IoT products. In order to make government units and consumers more secure when purchasing IoT products, the Industrial Development Bureau (IDB) of the Ministry of Economic Affairs (MOEA) has started to promote IoT security standards in recent years, as well as establishing a complete certification system. For example, Onward Security is an accredited company and has a qualified security assessment laboratory. Among the IoT security standards, "Video Surveillance System Security Standards - IP Camera" was released as a national standard (CNS 16120) in November 2019. In the future, domestic government agencies may also incorporate this standard into their procurement specifications for IP cameras to ensure the safety of the domestic application environment and to provide more secure protection for the public.
Daniel Liu, Director of Technology at Onward Security, pointed out that California, in the United States, passed the "SB-327 Information Privacy: Connected Device Act" in 2018. Beginning on January 1, 2020, this bill requires manufacturers to equip any device that is directly or indirectly connected to the network with a "reasonable" security feature to prevent unauthorized access and modification. Therefore, as a fair third party, Onward Security’s security assessment laboratory provides product testing services to assist manufacturers in complying with security regulations, obtaining security certification and improving product security. Onward Security is a laboratory approved under multiple security standards of the IDB of MOEA, and is a security testing laboratory authorized by Amazon Alexa Voice Service. The company can give IoT equipment vendors the most complete assistance to get business opportunities in the huge IoT market.
High automation reduces test costs - HERCULES SecDevice
As the intrusion methods used against connected devices are constantly updated, the difficulty of testing and the associated labor costs keep rising. How to conduct a complete internal security test is a key concern for global IoT and industrial control equipment manufacturers. To this end, Onward Security invested in the research and development of security test tools many years ago, hoping to help manufacturers solve product security problems with automated tools. The HERCULES SecDevice launched by the company participated in the Info Security Products Guide 2019 Global Excellence Awards and was named Gold Winner of IoT Security and Bronze Winner of Industrial Control Systems (ICS) and SCADA.
Daniel Liu said that, in general, Onward Security’s product test process would take about 2 to 4 weeks to complete. If there are multiple customers who need to test at the same time, the testing time is bound to take even longer, so it may affect the time to market. But if we scan the product through HERCULES SecDevice in advance, we can save precious time.
HERCULES SecDevice provides automated and intelligent functions for connected products, such as testing environment configuration and security assessment. The test targets include network, webpage and wireless security, covering known and unknown security vulnerabilities. Its easy-to-use operation design helps testers get started quickly and meet the requirements of international security standards, e.g. ISO/IEC security standards or common vulnerabilities. Combining a number of innovative patented technologies with the security vulnerability research team of Onward Security enables this tool to offer the latest security testing items and update services, while providing a guarantee of security vulnerability testing capability to support up-to-date connected products.
First choice for establishing a standard development process - HERCULES SecFlow
In addition to HERCULES SecDevice, Onward Security also launched the HERCULES SecFlow product security management system. It offers systematic solutions for managing secure product development that meet the needs of each phase, including requirement, design, development, testing, and deployment. In short, the product provides secure development process management, a security vulnerability database, and proactive product security event monitoring to help customers quickly establish a software security development process.
Daniel Liu said that improving the security of IoT products cannot rely solely on the final product testing stage. The security issues discovered at this stage may take more time to patch. The purpose of our launch of the HERCULES SecFlow is to help customers establish a secure software development process that conforms to international standards during the initial requirement analysis and design phase of the product. Meanwhile, using our more than 100,000 vulnerability repositories can get rid of the use of insecure third-party packages or the vulnerabilities caused by negligence during development. That's why it is helpful in avoiding violations of security laws and regulations as well as in grabbing global business opportunities.