In an international collaboration, U.S.-based Beyond Security and Japan-based Ubiquitous AI Corporation developed and launched BeStorm X, a vulnerability verification tool designed specifically to test IoT devices. The vendors claim the tool is an amalgamation of Beyond Security's BeStorm version 7.6.8 and UAC's IoT technologies.
The vendors claim that BeStorm X can perform IoT device testing for both known and unknown vulnerabilities. It's a black-box fuzzer that tests IoT software for susceptibilities such as missing patches in the underlying operating system, bad configuration, as well as other weaknesses, including those in custom protocols.
Fuzzing is an automated tool-based software testing technique that intentionally inputs invalid or random data into a system and, when the system is unable to verify the data, exposes and locates bugs or leaks. The vendors claim BeStorm X will detect zero-day vulnerabilities, default passwords, bad encryption settings and other issues.
BeStorm X is geared toward IoT vendors, certification testers, and even commercial end users. End-user pricing starts at $9,500 and goes up according to number of seats and protocols that need to be tested.
Beyond Security, in addition to BeStorm X and BeStorm, offers vulnerability assessment and management tools (BeSecure) and PCI ASV services. UAC, born from a merger of Ubiquitous Corporation and A.I. Corporation in July 2018, touts lightweight security, networking, wireless and OS products.