Securing Real-world IoT Applications through Penetration Testing

Understanding Vulnerabilities through Penetration Testing
Enhancing IoT security: Unveiling the significance of penetration testing in securing real-world IoT applications, identifying vulnerabilities, and mitigating risks for the protection of IoT data.

Contents

1. Introduction to IoT Application Security and Penetration Testing

1.1 Vulnerabilities of IoT application security

2. Fundamentals of IoT Penetration Testing
3. Considerations for IoT Penetration Testing
4. Methodologies and Approaches for IoT Penetration Testing
5. Takeaway

1.  Introduction to IoT Application Security and Penetration Testing

Securing real-world IoT applications is paramount as the Internet of Things (IoT) permeates various aspects of any individuals lives. Penetration testing serves as a vital tool in identifying vulnerabilities and assessing the resilience of IoT systems against cyber threats. In this article, delve into the significance of penetration testing in securing IoT applications, exploring its role in identifying weaknesses, mitigating risks, and ensuring the integrity and confidentiality of IoT data.


1.1  Vulnerabilities of IoT application security
 

  1. Expanded Attack Surface: The proliferation of IoT devices has dramatically expanded the attack surface, increasing the potential for security breach enterprise networks. With billions of interconnected devices, each presenting a potential vulnerability, the risk of unauthorized access, data breaches, and other security incidents is significantly heightened.
     
  2. Risks: IoT devices often possess limited computational resources, making them susceptible to software and firmware vulnerabilities. Their resource-constrained nature can limit the implementation of robust security measures, leaving them exposed to potential attacks. Furthermore, a significant concern is the prevalence of default or weak credentials on these devices.
     
  3. Diverse Threat Landscape: The threat landscape surrounding IoT devices is extensive and ever-evolving. It encompasses various attack vectors, including malware, botnets, DDoS attacks, physical tampering, and data privacy breaches. One notable example is the Mirai botnet, which compromised a vast number of IoT devices to launch large-scale DDoS attacks, leading to significant disruptions in internet services. In addition, IoT devices can serve as entry points for infiltrating larger networks and systems, allowing attackers to pivot and gain control over critical infrastructure.
  • Botnets: IoT devices can be infected with malware and become part of a botnet, which can be used for various malicious activities. Botnets are often utilized to launch distributed denial-of-service (DDoS) attacks, where a network of compromised devices overwhelms a target system with traffic, causing it to become inaccessible.
  • Ransomware: IoT devices are also vulnerable to ransomware attacks. Ransomware is malicious software that encrypts the data on a device and demands a ransom payment in exchange for the decryption key.
  • Data Breaches: IoT devices can be targeted to steal sensitive data, including personal identifiable information (PII) or financial data. Due to inadequate security measures, such as weak authentication or unencrypted data transmissions, attackers can exploit IoT devices as entry points to gain unauthorized access to networks and systems.

 

2.  Fundamentals of IoT Penetration Testing

IoT penetration testing, also known as ethical hacking or security assessment, is a critical process for testing and identifying vulnerabilities and assessing the security posture of IoT devices, networks, and applications. It involves simulating real-world attacks to uncover weaknesses and provide insights for remediation.

IoT penetration testing involves identifying vulnerabilities, conducting targeted attacks, and evaluating the effectiveness of security controls in IoT systems. IoT pen-testing aims to proactively identify and address potential weaknesses that malicious actors could exploit. The methodology of IoT pen-testing typically follows a structured approach. It begins with attack surface mapping, which involves identifying all potential entry and exit points that an attacker could leverage within the IoT solution. This step is crucial for understanding the system's architecture and potential vulnerabilities. Pentesters spend considerable time gathering information, studying device documentation, analyzing communication protocols, and assessing the device's hardware and software components.

Once the attack surface is mapped, the following steps involve vulnerability identification and exploitation. This includes conducting security tests, exploiting vulnerabilities, and evaluating the system's resilience to attacks. The penetration testers simulate real-world attack scenarios to assess the device's ability to withstand threats. After exploitation, post-exploitation activities are performed to determine the extent of the compromise and evaluate the potential impact on the device and the overall IoT ecosystem. Finally, a detailed technical report summarizes the findings, vulnerabilities, and recommendations for improving the device's security.


3.  Considerations for IoT Penetration Testing

Fuzzing and Protocol Reverse Engineering: Employ advanced techniques like fuzzing to identify vulnerabilities in communication protocols used by IoT devices. Fuzzing involves sending malformed or unexpected data to inputs and analyzing the system's response to uncover potential weaknesses.

Radio Frequency (RF) Analysis: Perform RF analysis to identify weaknesses in wireless communication between IoT devices. This includes analyzing RF signals, monitoring wireless communication protocols, and identifying potential vulnerabilities such as replay attacks or unauthorized signal interception.

Red Team Exercises: Conduct red team exercises to simulate real-world attack scenarios and evaluate the organization's detection and response capabilities. Red team exercises go beyond traditional penetration testing by emulating the actions and techniques of skilled attackers. This helps uncover any weaknesses in incident response, detection, and mitigation processes related to IoT security incidents.

Embedded System Analysis: Gain expertise in analyzing and reverse engineering embedded systems commonly found in IoT devices. This includes understanding microcontrollers, debugging interfaces, firmware extraction techniques, and analyzing the device's hardware architecture. Embedded system analysis helps identify low-level vulnerabilities and potential attack vectors.

Zero-Day Vulnerability Research: Engage in zero-day vulnerability research to identify previously unknown vulnerabilities in IoT devices and associated software. This requires advanced skills in vulnerability discovery, exploit development, and the ability to responsibly disclose vulnerabilities to vendors.


4.  Methodologies and Approaches for IoT Penetration Testing

Mobile, Web and Cloud Application Testing
Mobile, web, and cloud application testing is integral to IoT penetration testing, focusing on assessing the security of applications that interact with IoT devices. This methodology involves various steps to evaluate the security of these applications across different platforms. For mobile applications, the methodology includes reviewing the binary code, conducting reverse engineering to understand the inner workings, and analyzing the file system structure. Sensitive information such as keys and certificates embedded within the mobile app are scrutinized for secure storage and handling. The assessment extends to examining the application's resistance to unauthorized modifications. In web applications, the testing covers common vulnerabilities like cross-site scripting (XSS), insecure direct object references (IDOR), and injection attacks. Application reversing techniques are employed to gain insights into the application's logic and potential vulnerabilities. Additionally, hardcoded API keys are identified and assessed for their security implications.

Firmware Penetration Testing
Firmware penetration testing is a crucial aspect of IoT security assessments, aiming to identify vulnerabilities within the firmware running on IoT devices. The methodology encompasses multiple steps to uncover weaknesses. The process begins with binary analysis, dissecting the firmware to understand its structure, functionality, and potential vulnerabilities. Reverse engineering techniques are applied to gain deeper insights into the firmware's inner workings, exposing potential weaknesses like hardcoded credentials or hidden functionality. The analysis extends to examining different file systems used in the firmware and evaluating their configurations and permissions. Sensitive keys, certificates, and cryptographic material embedded within the firmware are scrutinized for secure generation, storage, and utilization. Additionally, the resistance of the firmware to unauthorized modification is assessed, including integrity checks, secure boot mechanisms, and firmware update processes.

IoT Device Hardware Pentest
IoT device hardware penetration testing involves a systematic methodology to assess the security of IoT devices at the hardware level. This comprehensive approach aims to identify vulnerabilities and weaknesses that attackers could exploit. The methodology includes analyzing internal communication protocols like UART, I2C, and SPI to understand potential attack vectors. Open ports are examined to evaluate the security controls and risks associated with communication interfaces. The JTAG debugging interface is explored to gain low-level access and assess the device's resistance to unauthorized access. Extracting firmware from EEPROM or FLASH memory allows testers to analyze the code, configurations, and security controls. Physical tampering attempts are made to evaluate the effectiveness of the device's physical security measures.


5.  Takeaway

Penetration testing is crucial in securing real-world IoT applications, enabling organizations to identify vulnerabilities and mitigate risks effectively. By conducting comprehensive and regular penetration tests, organizations can proactively identify and address security weaknesses, ensuring the integrity and confidentiality of IoT data. With the ever-growing threat landscape and increasing reliance on IoT technologies, penetration testing has become indispensable to safeguard IoT applications and protect against potential cyber-attacks.

Several key factors will shape the future of IoT penetration testing. First, the increasing complexity of IoT systems will require testing methodologies to adapt and assess intricate architectures, diverse protocols, and a wide range of devices. Second, there will be a greater emphasis on security by design, with penetration testing focusing on verifying secure coding practices, robust access controls, and secure communication protocols. Third, supply chain security will become crucial, necessitating penetration testing to assess the security measures implemented by vendors, third-party components, and firmware updates. Fourth, integrating IoT penetration testing with DevSecOps practices will ensure continuous monitoring and improvement of IoT system security. Lastly, as attackers become more sophisticated, future IoT penetration testing methodologies will need to keep pace with evolving IoT-specific attack techniques. By embracing these advancements, IoT penetration testing will play a vital role in ensuring the security and privacy of IoT deployments.

 

Spotlight

IoT World

The Internet of Things Community is an online community for embedded engineers, technology professionals, and network service providers/telecoms who are the driving force today behind The Internet of Things (IoT).

OTHER ARTICLES
Enterprise Iot

How Can Businesses Reduce IoT and IIoT Security Risks?

Article | July 6, 2022

The Internet of Things (IoT) and Industrial Internet of Things (IIoT) markets have experienced explosive growth as a result of the digital industrial revolution that followed the COVID-19 epidemic. To fully benefit, however, organizations have had to handle security concerns associated with these revolutionary technologies. Therefore, finding the correct security strategy is crucial for any organization because of the increasing dependency on IoT and IIoT to manage essential business systems. IoT and IIoT can be implemented quickly, but they come with inherent vulnerabilities. This risks businesses from cyberthreats such as device theft, spoofing, denial of service attacks, and data breaches or siphoning. Attacks of this nature adversely affect an organization's operations, finances, safety, and reputation. Many IoT and IIoT devices have passwords hard-coded into their firmware, making it challenging to patch or update security, which is a significant problem. Even when security is deployed on a device, it can usually be bypassed by taking advantage of a variety of known weaknesses. As a result, IT teams may find it challenging to identify an occurrence when IoT or IIoT devices are compromised before affecting systems and data. Mitigating IoT and IIoT Security Risks Separate IIoT and wireless devices from the SCADA or ICS network. Micro-segmentation allows only authorized device connectivity in certain circumstances. Control network access by monitoring what connects and validating each device's security. Demand visibility across all enterprise security networks and devices. This should be centralized so all devices, networks, risks, traffic, and policies can be handled in real-time across production and IT environments. Use an intrusion protection system (IPS) to identify threats and patch IoT and IIoT devices virtually. Counter unexpected attacks with active protection and deception techniques. It's crucial to check that security solutions can grow automatically to meet business requirements before using them. This entails responding to network changes, foreseeing risks and controlling them proactively, and offering real-time threat intelligence.

Read More
Enterprise Iot

Utilizing IoT architectures to design your IoT solutions with ease

Article | July 13, 2022

IoT use cases span a variety of sectors and businesses. A typical Internet of Things (IoT) solution consists of a large number of heterogeneous IoT devices with sensors that generate data in a variety of formats at varying rates, which is then processed and analyzed to derive insights. In addition, IoT devices can connect to a network directly or through a gateway device, allowing them to communicate with one another and with cloud services and applications. Create a layered architecture An organization's IoT solution's architecture outlines its overall layout, including its physical components (such as sensors and actuators) and virtual components (like services and communication protocols). IoT system complexity can be managed by utilizing a modular strategy that divides the architecture into several layers and focuses on each tier separately. IoT architectures have a tendency to outsource work to the edges of IoT networks (where the physical devices connect to the cloud). This aids data-driven IoT applications by lowering latency, enhancing privacy, and lowering bandwidth costs. Devices layer The device layer components include physical sensors and actuators that link to IoT devices and the IoT devices themselves. Although sensors and actuators are often not considered "smart" devices, they frequently connect to the architectural elements with higher computing power, either directly or indirectly (with the aid of gateway devices). These devices often use over-the-wire protocols like Ethernet or wireless protocols like Bluetooth, Zigbee, WiFi, LTE, or RFID to transmit data. Edge layer The analytics and pre-processing services that are offered at the network's edge are included in the concept of the edge layer. This layer acts as a central integration point for subsequent layers (devices layer). For the upstream layers, it offers routing and device control features. In addition, this layer can be connected to pub-sub systems to convey events and listen in on them. The size and heterogeneity of the devices and connectivity involved make designing data-driven IoT solutions hard. This article discusses some techniques for creating safe, adaptable, and scalable IoT architectures.

Read More
Enterprise Iot

Microsoft acquires ReFirm Labs to enhance IoT security

Article | July 19, 2022

Modern computing devices can be thought of as a collection of discrete microprocessors each with a dedicated function like high-speed networking, graphics, Disk I/O, AI, and everything in between. The emergence of the intelligent edge has accelerated the number of these cloud-connected devices that contain multiple specialized sub-processors each with its own firmware layer and often a custom operating system. Many vulnerability analysis and endpoint detection and response (EDR) tools find it challenging to monitor and protect devices at the firmware level, leading to an attractive security gap for attackers to exploit. At the same time, we have also seen growth in the number of attacks against firmware where sensitive information like credentials and encryption keys are stored in memory. A recent survey commissioned by Microsoft of 1,000 security decision-makers found that 83 percent had experienced some level of firmware security incident, but only 29 percent are allocating resources to protect that critical layer. And according to March 2021 data from the National Vulnerability Database included in a presentation from the Department of Homeland Security’s Cybersecurity and Infrastructure Agency (CISA) at the 2021 RSA, difficult-to-patch firmware attacks are continuing to rise. Microsoft’s Azure Defender for IoT team (formerly CyberX) recently announced alongside the Department of Homeland Security a series of more than 25 critical severity vulnerabilities in IoT and OT devices

Read More

AIoT: The Technology and Its Limitless Possibilities

Article | January 29, 2021

We live in the age of technological advancement and progress is happening at an unprecedented speed. With newer technologies emerging every day, it is unreasonable to not be intrigued by their implications on business. Artificial Intelligence and the Internet of Things are two independent technologies that are changing the face of several industries, one advancement at a time. While Artificial Intelligence promises to automate and simplify everyday tasks for humans, the Internet of Things is rapidly bridging the gap between physical and digital. The convergence of these two technologies promises to simplify lives through connected devices. This convergence has already been witnessed in several industries and is being hailed as the Artificial Intelligence of Things or AIoT. Experts across industries claim that Artificial Intelligence of Things is set to redefine the future of the industry and mold intelligent and connected systems. Applications The Artificial Intelligence of Things is a congruence of AI and IoT infrastructures being used to achieve several applications across industries more accurately and efficiently. We already know that IoT generates scores of data, but this data is pretty useless in its raw form, it the organization, analysis, and interpretation of the data that makes it invaluable. Manually parsing through all of that data can take months given the sheer volume of it. This is where AI comes in. Modern AIs are programmed to efficiently handle large amounts of data to turn them into coherent pieces of information. Together, IoT and AI make for a great technological tool for business. Take a look at some other applications of AIoT in business. Marketing Good marketing comes from a series of well informed and well-researched decisions. For example, deciding on where the budget is allotted, what market strategy is put into action, or which campaign is prioritized. While human decisions can be fallible, most businesses today cannot afford to make big mistakes. This is where AIoT turns into a big help. Through the Artificial Internet of Things, marketers can get reports about market trends, probabilities, customer behavior, and more, most of these in real-time. These reports help marketers make informed decisions that are much likely to result in success. Drones Drones are one of the biggest advancements of IoT technology. In fact, drones are so popular with such varied applications, that drones can be talked of as a separate technology in themselves. These flying machines were originally invented for military purposes such as surveillance or weapon deployment but markets have rapidly found utility in drones for many other purposes. Today, they are being used as delivery bots, nature conservation, surveillance mechanisms, research tools, safety equipment, field substitutes, agriculture, geo-mapping, and a lot more. With AIoT, drones have become smarter, more adaptable, and way more useful. As Artificial intelligence allows drones to make minor decisions, their applications have gotten wider and more sophisticated. In a brilliant use case of AIoT, a drone enthusiast named Peter Kohler has started the Plastic Tide Project which uses drones to locate plastic on the ocean surfaces. The drones are powered by AI which allows them to locate plastic and not other elements like marine life or corals. These drones then hover over the plastic waste and speed up the ocean cleaning process. Drones can be used to map farmlands, determine the optimum farming processes and schedules, count the cattle, monitor their health, and even undergo certain physical tasks in agriculture, all thanks to the Artificial Intelligence of Things. AR/VR Augmented Reality and Virtual Reality are both heavily data-dependent technologies. There cannot be a convincing virtual reality unless there is data available for creating the said simulation. AR and VR have both found applications in several industries like healthcare, gaming, training, education, design, and manufacturing. Most of these applications fall in the critically important category and therefore, the AR or VR must be accurate to the minutest detail. This can only be achieved with mounds of data from the actual reality. With the help of IoT, this data is not accessible, and AI interprets it in a way that it can be turned into several different formats. Infrastructure One of the most useful applications of AIoT has been infrastructure. Artificial Intelligence of Things has fuelled innovation and planning for smart cities across the world. With the open data available for urban planning, cities are now becoming safer and more convenient to live in. AIoT has also made it possible to optimize energy consumption and ensure safer roadways through traffic surveillance. With smart energy grids, smart streetlights, and smart public transport, energy consumption and carbon emissions are both controlled. Moreover, AIoT has given a whole new life to urban design, and now comfort and aesthetics do not have to be sacrificed for convenience. Energy As we discussed above, Artificial Intelligence of Things is instrumental in optimizing energy consumption in urban areas. However, the applications of AIoT in the energy sector are not limited to smart cities. Many utilities providers across the globe are already gearing up to incorporate AIoT in their process. The expected benefits from the Artificial Intelligence of Things range from improved grid management, power quality, reliability, and restoration resilience to enhanced cybersecurity and better integration of distributed energy. Most utilities providers have still not adopted the new technology but with the increasing complexity of grid management and higher customer experience demands, there is no denying that they will have to deploy AIoT solutions to tackle these. Robotics In layman’s experience robots are either extremely sophisticated machines from sci-fi that undertake every task humans can and more, or they are these clunky things that can pass you the butter. In practice, however, robotics is a lot more practical than these ideas. Today, robotics is at the forefront of AIoT applications. The Artificial Intelligence of Things is being used in robotics for several applications such as surgical procedures, manufacturing, and even first aid. In healthcare specifically, AIoT powered robots are taking huge leaps. Robotic surgery eliminates the chance of human error and offers a much more precise surgical experience with minimum invasion. This enhances the success rate of surgery and aids faster recovery in patients. Logistics The convergence of AI and IoT has made a huge impact on logistics as it is now possible to automate the entire process, track the goods, as well as monitor the entire trajectory from deployment to delivery. With the addition of drones and robotics, even the last mile delivery can be automated with zero human intervention. This makes for faster delivery, better customer experience, as well as a well-designed supply chain management system. Industrial As the concept of adding smart sensors to physical objects emerged in the 1980s, a new term was coined a decade later—Industrial Internet of Things. IIoT is now a huge phenomenon of automating and optimizing industrial operation technologies across the globe. As IIoT is deployed in several factions of the industry including manufacturing, supply chain management, human resources, and energy management, these devices and sensors generate a massive amount of data daily. The data generated from even a single process can be dizzying, and this is where AI makes a difference. AI can not only manage this data but also find the relevant points of data and analyze it for business purposes. Edge Computing Artificial Intelligence has given way for another technology i.e. Edge computing. Edge computing allows a device to process data itself rather than rely on remote data servers to do so. It may seem like a small feat but think of the possibilities it offers—drones don’t have to be connected to find their way, smart appliances can interact with each other without a shared network, and thermostats can change the temperature based on your past preferences automatically. Edge computing is by no way a new technology but, in the future, it offers huge possibilities like smart automobiles and aircraft, or even robots in every home. Frequently Asked Questions What are the examples of Artificial Intelligence? Some of the most common examples of Artificial Intelligence are Google Maps and Uber. The AI allows you to find routes to any destination and even hail rides there. How does AI help IoT? Artificial Intelligence can comb through millions of data points in seconds to come up with patterns and analyze them. As IoT generates a lot of data continuously, AI is a powerful and complementary technology that helps IoT. Is IoT related to Artificial Intelligence? Internet of Things and Artificial Intelligence are two separate technologies that interact with each other well as their functions aid each other progress. AI helps with the data generated by IoT, and IoT provides relevant data for AI to analyze. { "@context": "https://schema.org", "@type": "FAQPage", "mainEntity": [{ "@type": "Question", "name": "What are the examples of Artificial Intelligence?", "acceptedAnswer": { "@type": "Answer", "text": "Some of the most common examples of Artificial Intelligence are GoogleMaps and Uber. The AI allows you to find routes to any destination and even hail rides there." } },{ "@type": "Question", "name": "How does AI help IoT?", "acceptedAnswer": { "@type": "Answer", "text": "Artificial Intelligence can comb through millions of data points in seconds to come up with patterns and analyze them. As IoT generates a lot of data continuously, AI is a powerful and complementary technology that helps IoT." } },{ "@type": "Question", "name": "Is IoT related to Artificial Intelligence?", "acceptedAnswer": { "@type": "Answer", "text": "Internet of Things and Artificial Intelligence are two separate technologies that interact with each other well as their functions aid each other progress.AI helps with the data generated by IoT, and IoT provides relevant data for AI to analyze." } }] }

Read More

Spotlight

IoT World

The Internet of Things Community is an online community for embedded engineers, technology professionals, and network service providers/telecoms who are the driving force today behind The Internet of Things (IoT).

Related News

Industrial IoT

Tuya Smart Delivers IoT Best Practice Using Amazon Aurora, Leads the Direction of Cloud Database Innovation Use Cases with Amazon Web Services

Tuya Smart | January 24, 2024

Tuya Smart, the global IoT developer service provider, has delivered its Best Practices in using Amazon Aurora at IoT industry. Amazon Aurora is a relational database management system (RDBMS) built for the cloud with full MySQL and PostgreSQL compatibility. Tuya and Amazon Web Services (AWS) built a solid basis of collaboration in database use cases exploration while also delivering smooth operation of billions of devices requiring high concurrency and low latency. Tuya and AWS: Building a benchmark for database implementation practice Tuya is a leading technology company focused on making our lives smarter. Tuya does this by offering a cloud platform that connects a range of devices via the IoT. By building interconnectivity standards, Tuya bridges the intelligent needs of brands, OEMs, developers, and retail chains across a broad range of smart devices and industries. Tuya's solutions enable partners and customers by improving the value of their products while making consumers' lives more convenient through the application of technology. As of September 30, 2023, the Tuya IoT Developer Platform has accumulated over 909,000 registered developers from over 200 countries and regions, covering industries including real estate, hospitality, residential, industry, agriculture, etc. The greater the breadth of business coverage, the more advanced technological support required. Tuya faces high-frequency reads and writes as well as enormous data storage challenges from billion-level online devices. Meanwhile, due to the commercial scenarios involving smart homes and smart industries, Tuya's operating response demands low latency in order to deliver a smoother user experience. Furthermore, Tuya's quick expansion and regular business changes have posed significant challenges to its operation and maintenance management. Tuya selected Amazon Aurora as core database engine for its unparalleled performance and availability at global scale. How does Tuya specifically leverage the Amazon Aurora database? Tuya currently manages billions of real-time online devices and can keep cloud message processing response times under 10 milliseconds. However, billions online devices provide a challenge. During holidays, there will be peak traffic volume, with tens of millions of devices going online and offline virtually simultaneously. Tuya used Amazon Aurora to construct a data storage solution to solve the main problem of rapid increase in short-term traffic, and to fully utilize resources. Aurora's design, which separates compute and storage and low-latency replication functionality, improves system throughput by enhancing the effect of read-write separation. Aurora provides up to 15 read replicas, setting the groundwork for Tuya's read flexibility development. At the same time, Tuya has integrated Aurora Serverless, which includes seconds-level elastic expansion and contraction, allowing Tuya to handle extremely heavy business traffic smoothly. Tuya's customers are located throughout more than 200 nations and regions, and they deal with widespread access to IoT data. Different countries and regions have different regulations on data compliance, such as GDPR and local PII. Tuya needs to adhere to each region's data security compliance regulations. As Tuya's primary business data storage provider, Amazon Aurora was among the first in the public cloud sector to enable physical encryption for database products, which significantly decreased the cost of Tuya's security compliance transformation and gave Tuya excellent basic security guarantees. In addition, Tuya is continuously testing out additional new innovation unique to Aurora, such as Enhanced Binlog, zero-ETL, and Limitless Database. Aurora's ongoing investment in innovative technologies provides more opportunities for Tuya to expand its business. Additionally, based on Tuya's comprehensive IoT developer platform architecture, both parties have collaborated to enhance Tuya IoT applications performance indicators like stability, low latency, scalability, and security in the real-world application of databases, revealing more potential and possibilities and enabling the IoT. Tuya and AWS: Continuously promoting the evolution of cloud experience Data-driven approaches will usher in a new era of innovation in tandem with the swift advancement of data applications. At this year's re:Invent conference, Peter DeSantis, Senior Vice President of AWS, reviewed the relational database's development history in great detail. In 2014, AWS created Aurora based on log architecture. In 2018, the release of Aurora Serverless allowed for seamless scaling of database resources through virtualization technology. This year, AWS announced the launch of the Amazon Aurora Limitless Database, which automatically scales to millions of write transactions per second well beyond current limits of a single PostgreSQL instance. It is apparent from Amazon Aurora's development history that AWS has always been dedicated to innovation. Customers and partners from a range of industries actively utilizes AWS to enable rapid innovation in a variety of ways, while also working together to enhance the cloud experience. Similar to how Tuya and AWS work together, Tuya's effective and user-friendly IoT developer platform and rich and varied IoT solutions have built a significant lighthouse, embracing the Amazon Aurora's innovation and accelerated the process of building a more secure and reliable IoT database use case. Amazon Aurora VP Yan Leshinsky said, "Amazon Aurora is the fastest growing service in the history of AWS and is trusted by hundreds of thousands of customers. We innovate by working backwards from customers' needs, and we appreciate the feedback that Tuya has shared. We remain committed in developing new Aurora features and capabilities so all customers can accelerate their applications' capabilities and business growth by using Aurora." "Tuya has always committed to strengthening advanced and valuable innovations, while offering open and neutral ecosystem assistance for global partners. We provide our developers with enhanced operational and maintenance control, adaptable data storage options, superior product experience, and a global business layout by utilizing the Amazon Aurora database. We will continue to work with AWS to benefit the world in the future in areas including technology, ecosystems, and cloud computing, helping customers achieve commercial success." said Eva Na, Vice President of Marketing and Strategic Cooperation, and CMO of Tuya Smart. Enhancing the partnership with AWS, Tuya delivered IoT best practice using Amazon Aurora database, giving the industry's growth additional impetus. Tuya will maintain its open and neutral stance going forward, collaborating with cloud service providers like AWS to offer global developers a more secure, reliable, and productive cloud environment, thereby advancing the innovation and development of the entire industry.

Read More

Enterprise Iot

Nozomi Networks Delivers Industry's First Multi-Spectrum Wireless Security Sensor for Global OT and IoT Environments

Nozomi Networks | January 25, 2024

Nozomi Networks Inc., the leader in OT and IoT security, today introduced Guardian Air™, the industry's only wireless spectrum sensor purpose-built for OT and IoT environments worldwide. With 80 percent of new IoT deployments wirelessly connected, wireless is quickly becoming a preferred network. The explosion of wirelessly connected devices increases potential access points and exploitation of networks. This puts critical infrastructure at risk of cyberattacks and disruptions to operations. Guardian Air provides much-needed visibility into wirelessly enabled devices which until now were only detected once connected to the wired network. Guardian Air monitors several prominent wireless frequencies, not just Bluetooth and Wi-Fi, to provide security teams with immediate visibility of connected sensors, devices, laptops and cell phones. With the addition of Guardian Air, customers have a comprehensive network solution all in one integrated platform. "Nozomi Networks has once again innovated to address an unmet need for wireless-level monitoring in OT and IoT environments," said Danielle VanZandt, an industry manager for commercial and public security research at Frost & Sullivan. "From smart manufacturing to digital medicine, to building automation, to modern oil field production and more, today industrial organizations are relying on billions of wireless devices to speed production and time to market. Guardian Air gives IT security professionals and OT operators the visibility they need to get a firm handle on wireless risk management and response." With Guardian Air, IT security professionals and OT operators can: Continuously monitor prominent wireless frequency technologies used in OT and IoT environments including Bluetooth, Wi-Fi, cellular, LoRaWAN, Zigbee, GPS, drone RF protocols, WirelessHART and more, Immediately detect wirelessly connected assets and gain asset information to quickly address unauthorized installations, Detect wireless-specific threats, including brute force attacks, spoofing, and bluejacking – with the added ability to determine the location of the devices performing the attacks, Seamlessly integrate wireless data into a single OT & IoT security platform that unifies asset visibility from the endpoint and across wired and wireless networks. "Wireless is fundamentally changing the way industrial organizations operate. Unfortunately, it also massively expands the potential attack surface," said Nozomi Networks Co-founder and Chief Product Officer Andrea Carcano. "Guardian Air solves this problem by giving customers the accurate visibility they need at the wireless level to minimize risk while maximizing resiliency. Because Guardian Air integrates easily into the Nozomi Networks Vantage platform, customers can combine network, endpoint and wireless for the greatest visibility, threat detection and AI-powered analysis for real-time security management and remediation across the entire attack surface." The Nozomi Guardian Air wireless sensor will be available this spring from Nozomi Networks and its extensive global network of channel partners. About Nozomi Networks Nozomi Networks accelerates digital transformation by protecting the world's critical infrastructure, industrial and government organizations from cyber threats. Our solution delivers exceptional network and asset visibility, threat detection, and insights for OT and IoT environments. Customers rely on us to minimize risk and complexity while maximizing operational resilience. www.nozominetworks.com

Read More

Industrial IoT

Tuya Smart Delivers IoT Best Practice Using Amazon Aurora, Leads the Direction of Cloud Database Innovation Use Cases with Amazon Web Services

Tuya Smart | January 24, 2024

Tuya Smart, the global IoT developer service provider, has delivered its Best Practices in using Amazon Aurora at IoT industry. Amazon Aurora is a relational database management system (RDBMS) built for the cloud with full MySQL and PostgreSQL compatibility. Tuya and Amazon Web Services (AWS) built a solid basis of collaboration in database use cases exploration while also delivering smooth operation of billions of devices requiring high concurrency and low latency. Tuya and AWS: Building a benchmark for database implementation practice Tuya is a leading technology company focused on making our lives smarter. Tuya does this by offering a cloud platform that connects a range of devices via the IoT. By building interconnectivity standards, Tuya bridges the intelligent needs of brands, OEMs, developers, and retail chains across a broad range of smart devices and industries. Tuya's solutions enable partners and customers by improving the value of their products while making consumers' lives more convenient through the application of technology. As of September 30, 2023, the Tuya IoT Developer Platform has accumulated over 909,000 registered developers from over 200 countries and regions, covering industries including real estate, hospitality, residential, industry, agriculture, etc. The greater the breadth of business coverage, the more advanced technological support required. Tuya faces high-frequency reads and writes as well as enormous data storage challenges from billion-level online devices. Meanwhile, due to the commercial scenarios involving smart homes and smart industries, Tuya's operating response demands low latency in order to deliver a smoother user experience. Furthermore, Tuya's quick expansion and regular business changes have posed significant challenges to its operation and maintenance management. Tuya selected Amazon Aurora as core database engine for its unparalleled performance and availability at global scale. How does Tuya specifically leverage the Amazon Aurora database? Tuya currently manages billions of real-time online devices and can keep cloud message processing response times under 10 milliseconds. However, billions online devices provide a challenge. During holidays, there will be peak traffic volume, with tens of millions of devices going online and offline virtually simultaneously. Tuya used Amazon Aurora to construct a data storage solution to solve the main problem of rapid increase in short-term traffic, and to fully utilize resources. Aurora's design, which separates compute and storage and low-latency replication functionality, improves system throughput by enhancing the effect of read-write separation. Aurora provides up to 15 read replicas, setting the groundwork for Tuya's read flexibility development. At the same time, Tuya has integrated Aurora Serverless, which includes seconds-level elastic expansion and contraction, allowing Tuya to handle extremely heavy business traffic smoothly. Tuya's customers are located throughout more than 200 nations and regions, and they deal with widespread access to IoT data. Different countries and regions have different regulations on data compliance, such as GDPR and local PII. Tuya needs to adhere to each region's data security compliance regulations. As Tuya's primary business data storage provider, Amazon Aurora was among the first in the public cloud sector to enable physical encryption for database products, which significantly decreased the cost of Tuya's security compliance transformation and gave Tuya excellent basic security guarantees. In addition, Tuya is continuously testing out additional new innovation unique to Aurora, such as Enhanced Binlog, zero-ETL, and Limitless Database. Aurora's ongoing investment in innovative technologies provides more opportunities for Tuya to expand its business. Additionally, based on Tuya's comprehensive IoT developer platform architecture, both parties have collaborated to enhance Tuya IoT applications performance indicators like stability, low latency, scalability, and security in the real-world application of databases, revealing more potential and possibilities and enabling the IoT. Tuya and AWS: Continuously promoting the evolution of cloud experience Data-driven approaches will usher in a new era of innovation in tandem with the swift advancement of data applications. At this year's re:Invent conference, Peter DeSantis, Senior Vice President of AWS, reviewed the relational database's development history in great detail. In 2014, AWS created Aurora based on log architecture. In 2018, the release of Aurora Serverless allowed for seamless scaling of database resources through virtualization technology. This year, AWS announced the launch of the Amazon Aurora Limitless Database, which automatically scales to millions of write transactions per second well beyond current limits of a single PostgreSQL instance. It is apparent from Amazon Aurora's development history that AWS has always been dedicated to innovation. Customers and partners from a range of industries actively utilizes AWS to enable rapid innovation in a variety of ways, while also working together to enhance the cloud experience. Similar to how Tuya and AWS work together, Tuya's effective and user-friendly IoT developer platform and rich and varied IoT solutions have built a significant lighthouse, embracing the Amazon Aurora's innovation and accelerated the process of building a more secure and reliable IoT database use case. Amazon Aurora VP Yan Leshinsky said, "Amazon Aurora is the fastest growing service in the history of AWS and is trusted by hundreds of thousands of customers. We innovate by working backwards from customers' needs, and we appreciate the feedback that Tuya has shared. We remain committed in developing new Aurora features and capabilities so all customers can accelerate their applications' capabilities and business growth by using Aurora." "Tuya has always committed to strengthening advanced and valuable innovations, while offering open and neutral ecosystem assistance for global partners. We provide our developers with enhanced operational and maintenance control, adaptable data storage options, superior product experience, and a global business layout by utilizing the Amazon Aurora database. We will continue to work with AWS to benefit the world in the future in areas including technology, ecosystems, and cloud computing, helping customers achieve commercial success." said Eva Na, Vice President of Marketing and Strategic Cooperation, and CMO of Tuya Smart. Enhancing the partnership with AWS, Tuya delivered IoT best practice using Amazon Aurora database, giving the industry's growth additional impetus. Tuya will maintain its open and neutral stance going forward, collaborating with cloud service providers like AWS to offer global developers a more secure, reliable, and productive cloud environment, thereby advancing the innovation and development of the entire industry.

Read More

Enterprise Iot

Nozomi Networks Delivers Industry's First Multi-Spectrum Wireless Security Sensor for Global OT and IoT Environments

Nozomi Networks | January 25, 2024

Nozomi Networks Inc., the leader in OT and IoT security, today introduced Guardian Air™, the industry's only wireless spectrum sensor purpose-built for OT and IoT environments worldwide. With 80 percent of new IoT deployments wirelessly connected, wireless is quickly becoming a preferred network. The explosion of wirelessly connected devices increases potential access points and exploitation of networks. This puts critical infrastructure at risk of cyberattacks and disruptions to operations. Guardian Air provides much-needed visibility into wirelessly enabled devices which until now were only detected once connected to the wired network. Guardian Air monitors several prominent wireless frequencies, not just Bluetooth and Wi-Fi, to provide security teams with immediate visibility of connected sensors, devices, laptops and cell phones. With the addition of Guardian Air, customers have a comprehensive network solution all in one integrated platform. "Nozomi Networks has once again innovated to address an unmet need for wireless-level monitoring in OT and IoT environments," said Danielle VanZandt, an industry manager for commercial and public security research at Frost & Sullivan. "From smart manufacturing to digital medicine, to building automation, to modern oil field production and more, today industrial organizations are relying on billions of wireless devices to speed production and time to market. Guardian Air gives IT security professionals and OT operators the visibility they need to get a firm handle on wireless risk management and response." With Guardian Air, IT security professionals and OT operators can: Continuously monitor prominent wireless frequency technologies used in OT and IoT environments including Bluetooth, Wi-Fi, cellular, LoRaWAN, Zigbee, GPS, drone RF protocols, WirelessHART and more, Immediately detect wirelessly connected assets and gain asset information to quickly address unauthorized installations, Detect wireless-specific threats, including brute force attacks, spoofing, and bluejacking – with the added ability to determine the location of the devices performing the attacks, Seamlessly integrate wireless data into a single OT & IoT security platform that unifies asset visibility from the endpoint and across wired and wireless networks. "Wireless is fundamentally changing the way industrial organizations operate. Unfortunately, it also massively expands the potential attack surface," said Nozomi Networks Co-founder and Chief Product Officer Andrea Carcano. "Guardian Air solves this problem by giving customers the accurate visibility they need at the wireless level to minimize risk while maximizing resiliency. Because Guardian Air integrates easily into the Nozomi Networks Vantage platform, customers can combine network, endpoint and wireless for the greatest visibility, threat detection and AI-powered analysis for real-time security management and remediation across the entire attack surface." The Nozomi Guardian Air wireless sensor will be available this spring from Nozomi Networks and its extensive global network of channel partners. About Nozomi Networks Nozomi Networks accelerates digital transformation by protecting the world's critical infrastructure, industrial and government organizations from cyber threats. Our solution delivers exceptional network and asset visibility, threat detection, and insights for OT and IoT environments. Customers rely on us to minimize risk and complexity while maximizing operational resilience. www.nozominetworks.com

Read More

Events