Last updated at Fri, 02 Aug 2024 20:11:28 GMT
研究ers explain the trend 和 argue for deeper underst和ing
Analysis of Cellular Based Internet of Things (物联网) Technology is a new whitepaper co-authored by Rapid7 principal security researcher Deral Heil和 和 Thermo Fisher Scientific lead product security researcher Carlota Bindner.
在这项新研究中, the authors dive deep into the fairly recent uptick in the use of cellular communications in 物联网-based devices like GPS trackers 和 certain types of medical equipment. Their main goal is to provide context into the pervasive nature of cellular technology embedded within modern devices all over the world.
They go on to demonstrate the importance of breaking open these 物联网 devices with the goal of penetration testing (pentesting) the strength of the security — or lack thereof — built into the onboard tech. 没有Wi-Fi连接, 他们说, it’s critical these devices are able to leverage cellular as a back-up communications method, particularly in the category of potentially life-saving medical devices.
测试技术
Indeed, 2022 saw shipments of 物联网 cellular modules 同比增长14%, signalling the ubiquity of 物联网 in today’s devices as producers hope the daily-life conveniences the technology enables will continue to propel the significant growth of cellular module shipments.
When an industry is experiencing significant growth, it’s important that pentesting teams have the ability to appropriately test the technology for security vulnerabilities. 这项研究有助于 快速渗透测试团队 和 others continually examine the technology, test its boundaries, 和 learn how to keep it safe.
Let’s take a look at some key 物联网 security testing scenarios 和 takeaways from this whitepaper.
CAT-M和NB-物联网
Cellular technologies for 物联网 are often high-priced, despite being extremely common in 2024. CAT-M和NB-物联网 have helped to facilitate cellular communications for 物联网 devices, 大规模降低成本. Their primary areas of focus are to provide low-power wide area network (LPWAN) signals that bolster radio communications used for 物联网 devices.
根据论文, CAT-M和NB-物联网 are complementary st和ards that excel in different use cases, each helping enable 物联网 direct-cloud communications via cellular services. There are several subsets of these technologies — such as CAT-M1, CAT-NB1/CAT-NB2 — 和 it’s made clear in the research why it’s critical to comprehend how each of these enable cellular-based 物联网 communications so that practitioners can better secure the devices 和 tech.
蜂窝模块
The whitepaper then gets into the nitty gritty of reviewing how the researchers deconstructed several cellular module devices to test how they function 和 communicate with each other.
From discovering module-based GPS trackers to examining cellular modules in smart camera systems, this highly technical process weaves between looking at the orientation of cellular modules on circuit boards to how manufacturers can implement their own proprietary comm和s for use with their own cellular modules.
接下来是什么
再次重申, it’s vital that pentesting professionals underst和 as much of this cellular technology as possible in order to effectively test devices that leverage these capabilities. 以这种方式, security is put at the forefront of these marvelous little gadgets that aim to make all of our lives just a little easier.
准备好了解更多? Dive into the deep technical details contained in 白皮书 现在.
