Test IoT Security of Hardware and Software with Rapid7

Screen capture of the Metasploit Framework workflow. (Image courtesy of Rapid7.)

Security company Rapid7 has announced a new capability of its open-source penetration testing software, Metasploit Framework. Users can now link Internet of Things (IoT) hardware directly into the Metasploit Framework, resulting in what Rapid7 claims is the world’s first general-purpose penetration testing tool for both hardware and software.

Previously, users looking to test their IoT hardware with Metasploit had to develop custom tools for each of their products due to Ethernet network limitations. Now, Metasploit can use raw wireless and direct hardware manipulation to test hardware for vulnerabilities. This change allows users to directly probe software-defined radio (SDR), industrial control system (ICS), and other IoT hardware and software.

The new Metasploit hardware bridge will initially focus on automotive capabilities, allowing Metasploit to be used in streamlined automotive diagnostics. Throughout the year, Rapid7 plans to extend capabilities into other hardware verticals.

“Every wave of connected devices—regardless of whether you’re talking about cars or refrigerators—blurs the line between hardware and software,” said Craig Smith, Rapid7’s research director of Transportation Security. “As we like to say, this hardware bridge lets you exit the Matrix and directly affect real, physical things.”

Know Your Enemy

With over 1,600 exploits and 3,300 modules in the Metasploit Framework, security testers can discover weaknesses in their systems before attackers get the chance. Understanding your vulnerabilities allows you to prioritize your defenses, and helps you and your customers to feel secure. And considering the risks inherent to the IoT—and consumers’ perception of these risks—confidence in security is a necessity.

Metasploit’s new capabilities aim to provide this confidence while making vulnerability testing easier and quicker for both hardware and software. “We’re working to give security professionals the resources they need to test and ensure the safety of their products, no matter what side of the virtual divide they’re on,” said Smith.

To learn more about Metasploit, visit the Metasploit website. To learn more about IoT security, read “Engineering Standard Looks to Protect User Information by Design.”