IoT end-consumer products with smart functions and network connectivity are more adopted than they were before, which also leads to the rising cybersecurity risk. Therefore, security levels required for sufficient protection of the product are introduced by government bodies worldwide.
Riscure has over 20 years of experience in evaluating the security of these consumer products as well as perform independent studies into the state of security in various markets. When conducting this research, the Riscure team used standard security analysis techniques such as analyzing the internals, acquiring, and reverse engineering the firmware. Besides that, additional device analysis of smartphone applications was applied where possible.
Compared to the development of functionality for modern connected sociality, Riscure sees potential developments needed to achieve the required level of security under the ETSI recommendations. This paper describes the research and results in detail, including how the vulnerabilities, such as runtime control, issues with firmware updates, protocol vulnerabilities, password issues, and insecure communication affect the device security, how they rate against the ETSI standard, and what can a vendor do about it.