TL;DR
- EN 303 645 is a useful baseline for consumer IoT security, but it is not a replacement for threat modelling, engineering assurance, or practical testing.
- Our EN 303 645-aligned assessments most frequently find shortcomings in secure storage, secure communications, default credentials, input validation, software updates, and exposed attack surfaces.
- Some of these are quick fixes. Others...
