Guangdong Galanz Group Co., Ltd. is a Chinese manufacturer of electronic home appliances, headquartered in Foshan, Guangdong. It is the largest microwave oven manufacturer in the world, producing one of every two microwave ovens.
For most industries and manufacturers, the boom in the Internet of Things is both a fantastic business opportunity and a technological challenge. It has already gained huge momentum, disrupting the appliance industry and changing the way we use our everyday devices. For companies such as Galanz, the IoT trend is the next step in keeping their business advantage in the competitive home appliance market, but it also represents a big risk, especially regarding cybersecurity. A leaky security system allows hackers to reach the main computing system of a factory or the whole infrastructure of a central power grid, causing huge disasters. In fact, to take total control over systems, these hackers need only Internet-connected devices, for example microwaves.
While developing its IoT solutions, Galanz had to pay special attention to security aspects to avoid tragic consequences. There was one major goal here: to ensure that the developed IoT platform meets the strictest security requirements, in particular:
1. The security posture of the platform is sound
2. The security-in-depth rule is followed
3. All threats are accounted for, assessed and addressed
The company needed to deal with potential threats such as data leaks or powerful botnets attacking and taking down the IT infrastructure. To tackle the problem, the intive security team worked closely with the Galanz platform engineers building the IoT platform for smart microwaves. As a result, both sides decided to follow a systematic security testing approach to analyse the whole security environment and find potentially risky areas.
The process consisted of:
1. Threat modelling part 1 – a thorough review of the design
2. Threat modelling part 2 – an inventory of the threats
3. Penetration tests of the web portal and mobile applications
4. Penetration tests of the IoT devices, together with the protocol of communication between devices and server
Finally, after two months of testing the whole system, a list of several important improvements that would strengthen the security of the platform was suggested. The systematic approach helped categorise threats and prepare a comprehensive security roadmap that keeps data safe while customers use the IoT platform implemented in Galanz microwaves.