We've rebranded! Find out more about our rebrand to LRQA Nettitude here
Select Page

 Internet of Things (IoT) Testing

The number of connected devices has rocketed in the past few years and the Internet of Things (IoT) has become a significant target for threat actors aiming to build botnets. Such botnets are then often employed to launch some of the largest Distributed Denial of Service (DDoS) attacks ever seen. LRQA Nettitude routinely work closely with the creators of smart devices in order to provide assurance around the security posture of their devices. Internet of Things (IoT) testing services provide a valuable way to assess the security levels associated with a given connected device.

LRQA Nettitude has extensive experience in Internet of Things (IoT) and assuring:

  • Smart devices for domestic usage
  • Smart devices for industrial usage
  • Smart metering
  • Connections for utilities
  • Smart devices aimed at the automotive and transport sector

When Is IoT Testing Applicable?

LRQA Nettitude recommend an Internet of Things (IoT) security test is performed for any device that will be connected to a network under normal use. From cameras to toothbrushes, connected devices are actively being targeted by threat actors aiming to: 

 

  • Serve malicious or illegally obtained software
  • Compromise individual and corporate privacy
  • Details of the motivations and goals for the relevant threats

In particular, devices that are designed to be ‘plug and play‘ should be subject to an Internet of Things (IoT) penetration test; their low barrier to setup often means that they are deployed in suboptimal security configurations. For organizations that produce Internet of Things devices and are concerned about their security posture, LRQA Nettitude offer a world class penetration testing service.

How do LRQA Nettitude Perform an Internet of Things (IoT) Security Test?

Compared with more traditional areas of penetration testing Internet of Things (IoT) presents a number of unique challenges. One of the main challenges lies in diversity; varying architectures, communication protocols, coding and operating systems result in almost immeasurable combinations of technology. Therefore, LRQA Nettitude utilize only the most experienced penetration testers for Internet of Things (IoT).

LRQA Nettitude’s security consultants ensure that the full attack surface and all use cases are considered in order to give full levels of assurance. Broadly, an IoT test focuses on the following areas:

Hardware

Firmware

Application

Network

Encryption

What’s The Output Of An Internet of Things (IoT) Security Test?

Any organization that works with LRQA Nettitude on Internet of Things (IoT) security testing can expect two fully quality-assured reports per engagement. The first is a management report, which is designed to be consumed by a non-technical audience and relays the overall security posture of the target device in terms of risk.

The second is a technical report, which provides in-depth technical detail for each finding, including relevant and actionable remedial advice. Of course, the engagement doesn’t stop there. LRQA Nettitude always encourages a debrief to ensure full comprehension has been achieved. It’s an opportunity to ask absolutely any questions at all. After the debrief, the organization is welcome to stay in touch with LRQA Nettitude and receive top-quality security advice.

General Enquiry.