June 6, 2018
Software testing risks for IoT devices include weak security features and insufficient testing
The global Internet of Things (IoT) market is slated to grow to $8.9 trillion by 2020. IoT segments in the B2B sector alone will generate more than $300 billion annually by 2020, according to Bain & Company. These figures attest to IoT’s enormous potential —– and with more than 11 billion connected things projected to be in use this year, that potential is already being realized.
But the promise of IoT is not without risk. Hackers have exploited connected devices to mine cryptocurrency and launch high-profile cyberattacks, fostering public distrust and generating regulatory scrutiny that could ensnare a wide range of stakeholders. Amid this climate, it has never been more essential to ensure the proper testing of IoT devices.
Often combining new technology with rapidly developed software on newly created hardware, IoT devices can be difficult to test, and the means by which these devices are developed can expose them to critical bugs undermining functionality, interoperability, reliability, safety, and performance. Here are the four most important aspects to avoiding disaster and enabling IoT to securely fulfill its potential.
Software systems’ ability to communicate, exchange, and apply information — their interoperability — is at the heart of IoT. When testing interoperability, testers check syntax and data format compatibility, physical and logical connection methods, and user-friendliness. Software programs must be able to route data back and forth without compromising the device’s operation or losing data. Each component of the software must therefore recognize incoming data from other programs, seamlessly integrate with the larger architecture, and provide users with readily accessible, useful results. Real-world crowd testing and advanced lab testing are both valuable tools for testing interoperability, allowing testers to test both real devices and in a controlled, simulated network environment.
Companies are delivering software-based services, products, updates, and patches at an ever-accelerating rate, and factors such as time-to-market can make or break a company. Test automation is crucial to both a company’s continued, fast-paced operations and time-to-market, making it not a nice bonus but rather an absolute necessity.
DevOps, in which a core focus is improving time-to-market, is inseparable from test automation. DevOps works to enable regular, frequent product releases and updates, completing deployments exponentially faster. Testing must occur at the right stages in development and updating, and this is only feasible through automation. While automation occurs in some phases of testing, testers place a strong emphasis on the early stages of development. But you must test at later phases as well.
Focus on security
As the McKinsey consultancy noted in a recent analysis, shortcomings in security rank among the biggest risks to the continued growth and success of the IoT market. A study conducted by scholars at the Technical University of Denmark, Orebro University in Sweden, and Innopolis University in Russia underscores the legitimacy of such concerns. The researchers found that 80% of IoT devices do not require sufficiently complex passwords, while 70% used unencrypted network services. Moreover, 70% of devices effectively allowed hackers to identify legitimate user accounts via enumeration. And once hackers gain access to a refrigerator or some other household device, they can easily gain access to all the devices on the network.
What are the implications for the testing process? Threat assessment must be integral to testing, and testers should test for security by design, including secure coding practices and network defenses.
The prevalence of security vulnerabilities and potential attack vectors give security a well-deserved reputation as one of IoT’s biggest challenges and attests to the fact that much work remains to be done to ensure the sustainable, safe growth of the IoT sector. Potent market forces — from the needs of today’s businesses to the demands of modern consumers — are fueling IoT’s rapid ascent. But complacency is antithetical to success. A proactive, full-spectrum approach to security testing will deliver the market the cutting-edge services and devices that it requires without needlessly incurring potentially devastating risks.
Finally, ensuring a system’s integrity requires end-to-end testing. The multiple subsystems that comprise a software system must all function properly, lest the entire system risk failure. End-to-end testing verifies a system’s functionality and the proper communication of its sub-systems, which makes this process essential to understanding how well an application will function.
— Benny Sand is VP Knowledge & Innovation for QualiTest Group.