An IoT pentest enables to search for security flaws in the connected object’s entire ecosystem: hardware, embedded software, communication protocols, servers, mobile applications, APIs and Web interfaces.
Download our white paper: Security of IoT Wireless Technologies
IoT security is a major challenge, with the development of smart homes, smart cities, connected health care systems and the 4.0 industry.
The security of connected objects is a complex subject, due to the range of technologies and the number of possible points of attack.
The objective of a connected object pentest is to identify the flaws present in the different layers in order to secure the object’s entire environment. In this case, the audit targets the hardware (electronics), the software (embedded software, communication protocol) as well as APIs, Web and mobile interfaces (servers, web applications, mobile applications). However, it is also possible to focus the audit on a limited technical area depending on the security issues previously identified.
Therefore, the scope of an IoT security audit is to be defined according to the client's priorities:
The first step is the definition of the scope of the audit. Discussions with the client make it possible to decide the objectives, the target and the conditions of the pentest.
It is important to allocate time for the preparation phase of the audit: reception of the object by the pentesters, purchase of specific equipment if necessary, transmission of additional information by the client, etc.
In some cases, the pentesters carry out the audit from Vaadata's offices, having one or more copies of the connected object at their disposal. In other cases, the audit must be conducted from a client’s site. Depending on the pre-defined conditions, the client may be notified of the findings as the audit progresses or only when the audit is completed.
Penetration tests of hardware focus on the electronic components of the solution (non-invasive and invasive attacks).
The techniques used include the following:
Penetration tests of firmware focus on the software embedded in the object, including a certain number of techniques:
Penetration tests of communication protocols focus on the technology enabling the communication of the object and the sending of data to the outside (RFID, NFC, ZigBee, Bluetooth, WiFi, SigFox, LoRa, etc.).
The tests are based on the following techniques:
Our white paper Security of IoT Wireless Technologies presents existing and exploitable vulnerabilities on these technologies, as well as the means to counter or reduce the risks.
Bluetooth Low Energy (BLE) is a communication protocol that is particularly used because it makes it possible to send small quantities of data between items of equipment while saving the battery.
Security issues related to BLE are very often linked to incorrect implementation of the protocol. There are ways to encrypt the data exchange and strengthen the security of the protocol, which are to be studied from the design phase of a connected object.
Further information on Bluetooth Low Energy
In 2018, 26% of organizations experienced a data breach specifically because of unsecured IoT devices or applications.
2019. The Third Annual Study on Third Party IoT Risk: Companies Don’t Know What They Don’t Know. Ponemon Institute. (p. 2).
65% of consumers are concerned with the way connected devices collect and use personal data.
2019. The trust opportunity: Exploring consumers’ attitudes to the Internet of Things. Consumers International & Internet Society. (p. 7)
73% of organizations had been hit by at least an attack against connected devices in 2018.
2018. The IoT Revolution: Uncovering Opportunities, Challenges and the Scale of the Security Threat. Trend Micro. (p. 4).
Our range of pentests
We cover a wide technical scope, with specific tests for each type of target. The exact area to which the pentest is applied is to be defined directly according to your security priorities, or after a reconnaissance audit phase for identifying the parts that are most at risk from the viewpoint of an attacker.