Targeting cybersecurity
Securing major scale IoT platform for one of the biggest home appliances producers took two months. Intive security specialists teamed up with Galanz engineers to make smart microwaves even smarter.
Galanz
5 min read
IoT and cybersecurity: Galanz & intive
Overview
intive security specialists teamed up with Galanz engineers to secure their IoT platform.
Services
Security Audit, Penetration Tests
Client
Galanz
Guangdong Galanz Group Co., Ltd. is a Chinese manufacturer of electronic home appliances, headquartered in Foshan, Guangdong.
Industry
Industrial
Microwave leading producer
Galanz is the largest microwave oven manufacturer in the world, producing one of every two microwave ovens. For most branches and manufacturers, the great boom in the Internet of Things is both a fantastic opportunity to do business as well as a technological challenge. It has already gained huge momentum which is disrupting the appliance industry and changing the way we use our everyday devices.
Challenging trend
The IoT trend is the next step to keep today’s business advantage in the competitive market of home appliances, but it also represents a big risk, especially regarding cybersecurity. A leaky system allows hackers to reach the main computing system of a factory or the whole infrastructure of a central power grid, causing huge disasters. To take control over systems, hackers need only devices, for example microwaves, connected to the Internet.
Close collaboration
The company needed to deal with potential threats such as data leaks or powerful botnets attacking and taking down the IT infrastructure. To tackle the problem, the intive security team joined closely with platform engineers from Galanz working on the IoT platform for smart microwaves. As a result, both sides decided to follow a systematic security testing approach to analyse the whole security environment and find potentially risky areas.
Step by step
The process consisted of:
• Threat modelling part 1 – a thorough review of the design
• Threat modelling part 2 – an inventory of the threats
• Penetration tests of the web portal and mobile applications
• Penetration tests of the IoT devices, together with the protocol of communication between devices and server
Results
Finally, after two months of testing the whole system, a list of several important improvements that would strengthen the security of the platform was suggested. The systematic approach helped categorise threats and prepare a comprehensive roadmap for a security approach that provides safety of data while customers use the IoT platform implemented in Galanz microwaves.
Challenge everything!
