More than 26 billion Internet of Things (IoT) devices power modern life, home and business and improve convenience, safety and productivity. That figure is forecast to reach 75 billion by 2025 and today, public app stores house more than the 4,500 IoT-connected mobile applications to control homes, security, buildings, appliances, industrial equipment, wearables and lights.
With scary stories circulating about attackers spying on home security footage or taking over industrial control systems, IoT manufacturers must uphold customer confidence by ensuring security and privacy of their IoT devices and mobile apps that connect to them.
The iOXt Alliance provides an industry-led global security standard for IoT devices and now, the mobile applications that connect to and manage those devices and mobile VPNs. In partnership with technology vendors such as Amazon, Google, IBM, McAfee, SonicWALL and IoT manufacturers such as Crestron, Honeywell, Leviton, Motorola and Schneider Electric, the ioXt Alliance has defined a new rigorous industry-wide certification standard for IoT vendors and developers to ensure security and privacy of IoT-connected mobile apps and VPNs. The new NowSecure ioXT Compliance Testing Solution empowers organizations to rapidly certify their IoT-connected mobile apps and mobile VPNs for the ioXt Mobile Application Profile.
Leveraging more than a dozen years of mobile app pen testing and certification experience combined with unique NowSecure automated mobile application security testing software, the NowSecure ioXT Authorized Lab provides fast, high-quality results and collaborates with customers to help them quickly achieve ioXt certification.
“We are excited to announce our partnership with the ioXt Alliance and our solution for ioXt Compliance testing,” said NowSecure CEO Alan Snyder. “The wild west of mobile app security and privacy needs standards to provide consistency and confidence. From OWASP MASVS to NIAP and now ioXt, we are seeing the industry shift towards standards-based specifications and formal compliance certifications for mobile apps. We look forward to helping all IoT and VPN manufacturers ensure the security of their IoT-connected mobile apps and VPNs through a fast, accurate, cost effective process — raising the bar to ensure the protection of all mobile users.”
The State of Mobile IoT App Security
NowSecure benchmark testing of IoT-connected mobile apps and mobile VPNs from public app stores points to the need for strong security to earn the trust of users. As detailed in this infographic of IoT-connected mobile appsec testing results, all 140 Android and iOS apps assessed had at least one low-level security issue. 91% of IoT-connected mobile apps and mobile VPNs tested had medium security vulnerabilities and 12% had high. Overall, testing found 887 security issues in total with an average of 6 issues per app.
The security weaknesses were found in data stored on the device, weak encryption and leakage of Personally Identifiable Information (PII). Alarmingly, 76% of the IoT-connected mobile apps leaked PII such as user name, email, phone number, or device serial number or MAC address on the device or over the network. Areas where IoT vendors did better in secure mobile app development include secure handling of credentials, secure authentication, and secure network communications.
NowSecure Speeds ioXt Certification
Standardized security requirements such as the ioXt Mobile Application Profile will go a long way in improving quality and ensuring IoT apps keep sensitive data private. “As the mobile app industry continues to grow, security has become increasingly important to all stakeholders and end users,” said Brad Ree, ioXt Alliance CTO. “The partnership with NowSecure will help us verify that security standards are met for mobile apps and VPNs in line with the Mobile Application Profile, which will ensure security transparency and better digital safety for all users.”
The partnership with NowSecure will help us verify that security standards are met for mobile apps and VPNs in line with the Mobile Application Profile, which will ensure security transparency and better digital safety for all users.”
As the only ioXt Authorized lab that is mobile first and mobile only, the NowSecure ioXt Compliance Solution extends the company’s suite of standards-based compliance and certification solutions including NIAP, OWASP, MASVS, GDPR, CCPA, FFIEC, FISMA, HIPAA and others. The solution is available immediately and has already been used to certify many ioXt member companies.
If you develop an IoT-connected mobile app or mobile VPN, sign up for a free rapid security test to see your current compliance status and a free quote for a full ioXt compliance test to speed the certification process.
To learn more about mobile app security testing standards and compliance, check out our standards page here.