Connected devices pentest – IoT penetration test


An IoT pentest searches for security flaws in the object’s entire ecosystem: hardware, embedded software, communication protocols, servers, mobile applications, APIs and Web interfaces.



Aim of an IoT pentest

IoT security is a major challenge, with the development of smart homes, smart cities, connected health care systems and Industry 4.0.

The security of connected objects is a complex subject, due to the extent of the technologies involved and the number of possible points of attack.

The objective of a connected object pentest is to identify the flaws present in the different layers in order to secure the object’s entire environment. In this case, the audit targets the hardware (electronics), the software (embedded software, communication protocol) as well as Web and mobile interface APIs (servers, web applications, mobile applications). However, it is also possible to focus the audit on a small technical part according to the previously identified security issues.

Therefore the scope of an IoT security audit is to be defined according to the client's priorities:

  • Should we pentest the entire IoT ecosystem, or only certain parts?
  • What is the desired level of detail: a rapid analysis, or in-depth research work?
  • What is the level of public exposure of the solution, and what are the consequences if hacking occurs? (in order to choose between a black box test and a grey box test)


Stages of an IoT security audit

The first step is the definition of the scope of the audit. Exchanges with the client make it possible to decide the objectives, the target and the conditions of the pentest.

It is important to provide time for the preparation phase of the audit: reception of the object by the pentesters, purchase of specific equipment if necessary, transmission of additional information by the client, etc.

In some cases, the pentesters carry out the audit from Vaadata’s offices, having at their disposal one or more copies of the connected object. In other cases, the audit must be done from a client’s site. Depending on the predefined conditions, the client can be gradually notified of findings as the audit progresses, or only once the audit is completed.


Testing hardware

Penetration tests of hardware focus on the electronic components of the solution (non-invasive and invasive attacks).

The techniques used include the following:

  • Reverse engineering of elements extracted from the hardware equipment studied
  • Memory dumps
  • Cryptographic analysis

Testing firmware

Penetration tests of firmware focus on the software embedded in the object and draw on a number of techniques:

  • Detection of communication ports that are open and badly protected
  • Buffer overflow
  • Breaking passwords
  • Reverse engineering
  • Cryptographic analysis
  • Modifications of firmware
  • Debugging
  • Detection of configuration interfaces or backdoors

Testing communication protocols

Penetration tests of communication protocols focus on the technology that the object uses to communicate and send data to the outside (RFID, NFC, ZigBee, Bluetooth, WiFi, SigFox, LoRa, etc.).

The tests are based on the following techniques, among others:

  • Capture and analysis of multi-protocol radio signals (sniffing)
  • Cryptographic analysis
  • Passive monitoring of exchanges
  • Interception and corruption of exchanges
  • Denials of service

Our white paper Security of IoT Wireless Technologies presents existing and exploitable vulnerabilities on these technologies, as well as the means to counter or reduce the risks.


Focus on Bluetooth Low Energy

Bluetooth Low Energy (BLE) is a communication protocol that is widely used because it makes it possible to send small quantities of data between items of equipment while saving the battery.

Security issues related to BLE are very often linked to incorrect implementation of the protocol. There are ways to encrypt the data exchange and strengthen the security of the protocol, which are to be studied from the design phase of a connected object.

Key numbers


In 2018, 26% of organizations experienced a data breach specifically because of unsecured IoT devices or applications.
2019. The Third Annual Study on Third Party IoT Risk: Companies Don’t Know What They Don’t Know. Ponemon Institute. (p. 2).


65% of consumers are concerned with the way connected devices collect and use personal data.
2019. The trust opportunity: Exploring consumers’ attitudes to the Internet of Things. Consumers International & Internet Society. (p. 7)


73% of organizations had been hit by at least one attack against connected devices in 2018.
2018. The IoT Revolution: Uncovering Opportunities, Challenges and the Scale of the Security Threat. Trend Micro. (p. 4).

Our range of pentests

We cover a wide technical scope, with specific tests for each type of target. The exact area to which the pentest is applied is to be defined directly according to your security priorities, or after a reconnaissance audit phase for identifying the parts that are most at risk from the viewpoint of an attacker.
