Appknox adds ioXt Security Compliance Testing for IoT & Mobile Apps

Appknox, a leading enterprise mobile application security solution provider, has announced a partnership with ioXt, a global standard for IoT security and standardization of security, privacy, and compliance programs. With the alliance, Appknox will hold its clients to a Security Pledge that focuses on the security of stakeholders and devices in the IoT environment.

With years of rigorous experience, multiple accolades, and the world's most powerful plug-and-play security platform under its belt, Appknox has now taken a big leap by announcing its alliance with ioXt, an industry-led global security standard for IoT devices that includes many industry behemoths such as Facebook, Google, Amazon, IBM, COMCAST, Honeywell Legrand and Motorola.

Why are security and transparency critical in the emerging IoT world?

Recent estimates show that by the end of 2025, there will be 55.75B IoT devices, forming an extensively connected network of smart appliances, smart grids, self-driving cars, and much more.

With such a huge number of smart and extremely well-connected devices, the number of attacks and security compromise attempts is also going to increase without any doubt. IoT-related attacks are going to be the number one priority on the business agendas of all the leading security solution providers, and the need for a standardized security and transparency policy across the globe will be paramount.

Aiming at this future disruption, ioXt is an alliance that focuses on making the IoT market more secure, more reliable, and more robust against cyberattacks by implementing the industry-recognized best practices in security.

Appknox and ioXt Alliance


We are ecstatic to announce that Appknox has joined an alliance with ioXt. Along with Amazon, Google, IBM, McAfee, SonicWALL, and IoT manufacturers such as Crestron, Honeywell, Leviton, Motorola, and Schneider Electric, the ioXt Alliance has defined a new rigorous industry-wide certification standard for IoT vendors and developers to ensure the security and privacy of IoT-connected mobile apps.

The new Appknox ioXt Compliance Testing Solution empowers organizations to rapidly certify their IoT-connected mobile apps and stay on the same page with the other industry leaders and global IoT stakeholders, via the ioXt Security Pledge. We discuss the ioXt Security Pledge in more detail in a later section.

The extremely well-connected world of smart IoT devices is highly vulnerable to malicious internet practices and threats that can have serious consequences depending on the use case. So, there is a compelling need for a standardized set of specifications and formal compliance requirements aimed at the security, transparency, and robustness of IoT devices and their users.

“The mobile app ecosystem is extremely complex when it comes to compliance testing, privacy, and security. We’re ecstatic to join the ioXt that enables the solution providers and technology enablers, such as Appknox to "enforce" all of them across their clients without much ado.” - Subho Halder, Co-founder & CISO, Appknox

 

Appknox holds clients to the ioXt Security Pledge

The ioXt Security Pledge comprises 8 clear principles that ensure that clients adhere to the security, privacy, and compliance standards for a better and more secure IoT ecosystem:

1) No universal passwords

Universal passwords put the safety and security of the device and its user under threat and also give cyber attackers an easy way in. The ioXt Security Pledge enforces user authentication prior to using the IoT device. For added security, users will be required to change the initial password (set by the developer) before the first use. This password must not be predictable.

2) Secure interfaces

All the product interfaces will be appropriately secured by the manufacturer against security attacks. The devices using IP protocols will be secured against network attacks and no firewall assumptions will be made. Network connections will be kept to the minimum and strong authentication measures will be taken.

3) Proven cryptography

All devices will be protected with strong, proven, and peer-reviewed cryptographic methods and algorithms that are updatable. The final communication protocol might include multiple cryptographic primitives, key rotation and exchange mechanisms, replay protection, etc.

4) Security by default

The device certification profile will also be verified against base security requirements. As there are multiple views and instances of base security measures across the globe, the default security pledge will be defined according to the device certification profile.

5) Verified software

Manufacturers will have a clear policy regarding the updates and patches that will be rolled out for their devices, and this policy should be conveyed to the user. This will enable users to understand that their devices can be updated and will be updated as and when the manufacturer detects new vulnerabilities.

6) Automated security updates

All connected devices will be updatable and will come with an automated security update feature through which security updates are made available to users. The manufacturer is responsible for security updates, validation, and deployment.

7) Vulnerability reporting program

The manufacturer will have a proper vulnerability reporting program in place and will act quickly to apply security updates. Companies must have proper means to accept and track defects in their products and services.

8) Security expiration date

There will be a fixed period of time for which the security updates will be provided and the expiration date will be published and shared with the users. Apart from the security life, end-of-life notifications will also be sent.


Defining the Next Steps - ioXt Authorized Lab

We are also pleased to announce that Appknox is striving to become an ioXt Authorized Lab. Authorized labs are contributing members and exclusive test providers for the ioXt Alliance. They provide input on ioXt standards and promise industry-best practices and offerings (products and services).

In its endeavour to become an ioXt authorized lab, Appknox is striving to offer testing and certification for the following three ioXt profiles:

1) ioXt Android Profile 

This profile will be used for any Android device that qualifies for the GMS or any other equivalent certification program.

2) ioXt Mobile Profile 

This profile will provide a base security level for all the apps running on the mobile device and connected by the cloud. There are also some extensions that might be applied on the basis of the app features.

3) ioXt IoT Profile 

This profile focuses on the IoT ecosystem and devices and utilizes established standards for data exchange, communication and security etc. The IoT profile is continuously evolving as per the emerging industry disruptions.


Published on Jun 28, 2021
Written by Nishaanth Guna
Lead Security Researcher, Appknox.
