What is ETSI EN 303 645?

ETSI EN 303 645 brings together widely considered good practice in security for Internet-connected consumer devices in a set of high-level outcome-focused provisions, giving organizations the flexibility to innovate and implement security solutions appropriate for their products. The focus of the document is on the baseline level of security which is intended to protect against elementary attacks on fundamental design weaknesses.

IoT device security provisions in ETSI EN 303 645

  • 5.1 No universal default passwords
  • 5.2 Implement a means to manage reports of vulnerabilities
  • 5.3 Keep software updated
  • 5.4 Securely store sensitive security parameters
  • 5.5 Communicate securely
  • 5.6 Minimize exposed attack surfaces
  • 5.7 Ensure software integrity
  • 5.8 Ensure that personal data is secure
  • 5.9 Make systems resilient to outages
  • 5.10 Examine system telemetry data
  • 5.11 Make it easy for users to delete user data
  • 5.12 Make installation and maintenance of devices easy
  • 5.13 Validate input data

The challenges to check those provisions

From those provisions some of them are pretty easy and straightforward to check by just looking into the IoT system and checking if those provisions apply there. However some provisions are not fully straightforward to check even by the developers because not only those provisions need to exist but also they have to be implemented in a secure way. As such a simple programming mistake or not being fully aware of secure coding best practices or security capabilities of each IoT protocol or the SDK could result in insecure implementation of those capabilities.

How can Firmalyzer help?

Firmalyzer provides an automated firmware security analysis engine for bare-metal and monolithic firmwares that enables device manufacturers and security testing labs to perform automated security analysis without access to the firmware source code. With a combination of static code analysis and targeted code emulation, Firmalyzer can check the following provisions of the standard in a fully or partially automated way:
5.1-3, 5.3-1, 5.3-2, 5.3-4, 5.3-7, 5.3-9, 5.3-10, 5.4-3, 5.4-4, 5.5-1, 5.5-2, 5.6-4, 5.6-5, 5.6-7, 5.7-1, 5.8-1, 5.8-2, 5.13-1

The solution is able to discover the following classes of vulnerabilities:

  • Insecure use of vendor SDK APIs such as Bluetooth Low Energy functions
  • Potential memory corruption vulnerabilities such as buffer overflows, out-of-bounds read and writes and format string bugs
  • Integer overflow and underflow issues
  • Use after free and double free vulnerabilities
  • Insecure use of cryptographic algorithms
  • Insecure privileged mode services
  • Disabled SoC/MCU security features such as secure-debug and secure-boot
  • Outdated vendor SDK or RTOS