Modernizing Authentication — What It Takes to Transform Secure Access
X-Force Red, IBM's penetration testing practice, is focusing its attention on Internet of Things (IoT) security and connected vehicles, the IT solutions provider announced today.
Delivered in conjunction with the company's Watson IoT Platform, the new IoT-focused services from X-Force Red will help customers to harden their systems and software in advance of internal and customer-facing deployments. It blends the automated IoT configuration and management capabilities within the Watson IoT Platform with the expertise of X-Force Red's security professionals to test implementations and unearth potential vulnerabilities.
The new IoT and connected-car services come after a busy year for X-Force Red. Debuting a year ago, the team has added noted security specialists Cris Thomas and Dustin Heywood to its ranks. The group also built a password-cracking tool called Cracken to help clients develop better password habits and policies.
"Over the past year, we've seen security testing further emerge as a key component in clients' security programs," said Charles Henderson, global head of IBM X-Force Red, in a July 24 announcement. "Finding issues in your products and services upfront is a far better investment than the expense of letting cybercriminals find and exploit vulnerabilities. Our own investments in people, tools and expertise have more than tripled our security testing capabilities in the first year of IBM X-Force Red, making our offense our clients' best defense."
Testing IoT devices and systems makes sense for business, if for no other reason than the fact that attackers are already on the prowl. Recently, a survey from Altman Vilandrie & Company found that nearly half (48 percent) of all businesses in the U.S. using IoT technologies have already suffered a security breach.
"IoT attacks expose companies to the loss of data and services and can render connected devices dangerous to customers, employees and the public at large. The potential vulnerabilities for firms of all sizes will continue to grow as more devices become Internet dependent," stated Altman Vilandrie director Stefan Bewley.
Meanwhile, both the automotive industry has its own incentives for keeping their increasingly tech-laden vehicles safe.
In 2015, the Progressive Insurance Snapshot dongle, which plugs into a car's ODB-II port and is used to deliver personalized auto insurance coverage based on customers' driving habits, was hacked. That same year, the security researchers made headlines when they demonstrated how hackers could gain access to a Jeep's critical systems, including its steering and brakes. Last year, researchers at Pen Test Partners found a way to hack a Mitsubishi Outlander via the vehicle's onboard Wi-FI system.