An IoT pentest searches for security flaws in the object’s entire ecosystem: hardware, embedded software, communication protocols, servers, mobile applications, APIs and Web interfaces.
IoT security is a major challenge, with the development of smart homes, smart cities, connected health care systems and Industry 4.0.
The security of connected objects is a complex subject, due to the extent of the technologies involved and the number of possible points of attack.
The objective of a connected object pentest is to identify the flaws present in the different layers in order to secure the object’s entire environment. In this case, the audit targets the hardware (electronics), the software (embedded software, communication protocol) as well as the APIs and the web and mobile interfaces (servers, web applications, mobile applications). However, it is also possible to focus the audit on a narrower technical scope according to previously identified security issues.
Therefore the scope of an IoT security audit is to be defined according to the client's priorities:
The first step is the definition of the scope of the audit. Exchanges with the client make it possible to decide the objectives, the target and the conditions of the pentest.
It is important to allow time for the preparation phase of the audit: reception of the object by the pentesters, purchase of specific equipment if necessary, transmission of additional information by the client, etc.
In some cases, the pentesters carry out the audit from Vaadata’s offices, having at their disposal one or more copies of the connected object. In other cases, the audit must be done at the client’s site. Depending on the predefined conditions, the client can be gradually notified of findings as the audit progresses, or only once the audit is completed.
Penetration tests of hardware focus on the electronic components of the solution (non-invasive and invasive attacks).
The techniques used include the following:
Penetration tests of firmware focus on the software embedded in the object, including a certain number of techniques:
Penetration tests of communication protocols focus on the technology that the object uses to communicate and send data to the outside (RFID, NFC, ZigBee, Bluetooth, WiFi, SigFox, LoRa, etc.).
The tests are based on the following techniques, among others:
Bluetooth Low Energy (BLE) is a widely used communication protocol because it makes it possible to send small quantities of data between items of equipment while saving the battery.
Security issues related to BLE are very often linked to incorrect implementation of the protocol. There are ways to encrypt the data exchange and strengthen the security of the protocol, which are to be studied from the design phase of a connected object.
In 2018, 26% of organizations experienced a data breach specifically because of unsecured IoT devices or applications.
2019. The Third Annual Study on Third Party IoT Risk: Companies Don’t Know What They Don’t Know. Ponemon Institute. (p. 2).
65% of consumers are concerned with the way connected devices collect and use personal data.
2019. The trust opportunity: Exploring consumers’ attitudes to the Internet of Things. Consumers International & Internet Society. (p. 7).
73% of organizations had been hit by at least one attack against connected devices in 2018.
2018. The IoT Revolution: Uncovering Opportunities, Challenges and the Scale of the Security Threat. Trend Micro. (p. 4).
Our range of pentests
We cover a wide technical scope, with specific tests for each type of target. The exact area to which the pentest is applied is to be defined directly according to your security priorities, or after a reconnaissance audit phase for identifying the parts that are most at risk from the viewpoint of an attacker.