Galanz

5 min read

IoT and cybersecurity: Galanz & intive

Client

Galanz

Guangdong Galanz Group Co., Ltd. is a Chinese manufacturer of electronic home appliances, headquartered in Foshan, Guangdong.

Overview

intive security specialists teamed up with Galanz engineers to secure their IoT platform.  

Services

Security Audit, Penetration Tests 

Industry

Industrial

Targeting cybersecurity

Securing major scale IoT platform for one of the biggest home appliances producers took two months. Intive security specialists teamed up with Galanz engineers to make smart microwaves even smarter.

Microwave leading producer

Galanz is the largest microwave oven manufacturer in the world, producing one of every two microwave ovens. For most branches and manufacturers, the great boom in the Internet of Things is both a fantastic opportunity to do business as well as a technological challenge. It has already gained huge momentum which is disrupting the appliance industry and changing the way we use our everyday devices.

Challenging trend

The IoT trend is the next step to keep today’s business advantage in the competitive market of home appliances, but it also represents a big risk, especially regarding cybersecurity. A leaky system allows hackers to reach the main computing system of a factory or the whole infrastructure of a central power grid, causing huge disasters. To take control over systems, hackers need only devices, for example microwaves, connected to the Internet.

Close collaboration

The company needed to deal with potential threats such as data leaks or powerful botnets attacking and taking down the IT infrastructure. To tackle the problem, the intive security team joined closely with platform engineers from Galanz working on the IoT platform for smart microwaves. As a result, both sides decided to follow a systematic security testing approach to analyse the whole security environment and find potentially risky areas.

Step by step

The process consisted of:
 
Threat modelling part 1 – a thorough review of the design
Threat modelling part 2 – an inventory of the threats
Penetration tests of the web portal and mobile applications
Penetration tests of the IoT devices, together with the protocol of communication between devices and server
 

Results

Finally, after two months of testing the whole system, a list of several important improvements that would strengthen the security of the platform was suggested.  The systematic approach helped categorise threats and prepare a comprehensive roadmap for a security approach that provides safety of data while customers use the IoT platform implemented in Galanz microwaves.