INTERNET OF THINGS TESTING
The number of connected devices has rocketed in the past few years and the Internet of Things (IoT) has become a significant target for threat actors aiming to build botnets. Such botnets are then often employed to launch some of the largest Distributed Denial of Service (DDoS) attacks ever seen.
LRQA Nettitude routinely work closely with the creators of smart devices in order to provide assurance around the security posture of their devices. Internet of Things testing services provide a valuable way to assess the security levels associated with a given connected device.
LRQA Nettitude has extensive experience in IoT testing and assuring:
- Smart devices for domestic usage
- Smart devices for industrial usage
- Smart metering
- Connections for utilities
- Smart devices aimed at the automotive and transport sector
When Is IoT Testing Applicable?
LRQA Nettitude recommend an Internet of Things security test is performed for any device that will be connected to a network under normal use. From cameras to toothbrushes, connected devices are actively being targeted by threat actors aiming to:
- Build botnets
- Serve malicious or illegally obtained software
- Compromise individual and corporate privacy
- Details of the motivations and goals for the relevant threats
In particular, devices that are designed to be ‘plug and play‘ should be subject to an Internet of Things penetration test; their low barrier to setup often means that they are deployed in suboptimal security configurations. For organisations that produce Internet of Things devices and are concerned about their security posture, LRQA Nettitude offer a world class penetration testing service.
How Do LRQA Nettitude Perform An IoT Security Test?
Compared with more traditional areas of penetration testing Internet of Things presents a number of unique challenges. One of the main challenges lies in diversity; varying architectures, communication protocols, coding and operating systems result in almost immeasurable combinations of technology. Therefore, LRQA Nettitude utilise only the most experienced penetration testers for IoT testing.
LRQA Nettitude’s security consultants ensure that the full attack surface and all use cases are considered in order to give full levels of assurance. Broadly, an IoT test focuses on the following areas:
Hardware
Firmware
Application
Network
Encryption
What’s The Output Of An IoT Security Test?
Any organisation that works with LRQA Nettitude on Internet of Things security testing can expect two fully quality-assured reports per engagement. The first is a management report, which is designed to be consumed by a non-technical audience and relays the overall security posture of the target device in terms of risk.
The second is a technical report, which provides in-depth technical detail for each finding, including relevant and actionable remedial advice. Of course, the engagement doesn’t stop there. LRQA Nettitude always encourage a debrief to ensure full comprehension has been achieved. It’s an opportunity to ask absolutely any questions at all. After the debrief, the organisation is welcome to stay in touch with LRQA Nettitude and receive top-quality security advice.
Get a free quote