The number of connected devices has rocketed in the past few years and, as Nettitude documented in our 2016 threat intelligence report, the Internet of Things (IoT) has become a significant target for threat actors aiming to build botnets. Such botnets are then often employed to launch some of the largest Distributed Denial of Service (DDoS) attacks ever seen. For example, the Mirai malware discovered in 2016 infected hundreds of thousands of IoT devices and then utilised them to launch high-profile, high-bandwidth DDoS attacks against high-profile websites.

Nettitude routinely work closely with the creators of smart devices in order to provide assurance around the security posture of their devices. Internet of Things penetration tests provide a valuable way to assess the security levels associated with a given connected device.

Nettitude has extensive experience in testing and assuring:

  • Smart devices for domestic usage
  • Smart devices for industrial usage
  • Smart metering
  • Connections for utilities
  • Smart devices aimed at the automotive and transport sector


When is an IoT penetration test applicable?

Nettitude recommend that an Internet of Things penetration test is performed for any device that will be connected to a network under normal use.

From cameras to toothbrushes, connected devices are actively being targeted by threat actors aiming to:

  • Build botnets
  • Serve malicious or illegally obtained software
  • Compromise individual and corporate privacy
  • Details of the motivations and goals for the relevant threats

In particular, devices that are designed to be ‘plug and play’ should be subject to an Internet of Things penetration test; their low barrier to setup often means that they are deployed in suboptimal security configurations.

For organisations that produce Internet of Things devices and are concerned about their security posture, Nettitude offer a world class penetration testing service.

How do Nettitude perform an IoT penetration test?

Compared with more traditional areas of penetration testing, Internet of Things presents a number of unique challenges. One of the main challenges lies in diversity; varying architectures, communication protocols, coding and operating systems result in almost immeasurable combinations of technology. Therefore, Nettitude utilise only the most experienced penetration testers for IoT penetration testing.

Nettitude’s security consultants ensure that the full attack surface and all use cases are considered in order to give full levels of assurance. Broadly, an IoT penetration test focuses on the following areas:

  • Hardware
  • Firmware
  • Application
  • Network
  • Encryption

What’s the output of an IoT penetration test?

Any organisation that works with Nettitude on an Internet of Things penetration test can expect two fully quality-assured reports per engagement. The first is a management report, which is designed to be consumed by a non-technical audience and relays the overall security posture of the target device in terms of risk. The second is a technical report, which provides in-depth technical detail for each finding, including relevant and actionable remedial advice.

Of course, the engagement doesn’t stop there. Nettitude always encourage a debrief to ensure full comprehension has been achieved. It’s an opportunity to ask absolutely any questions at all. After the debrief, the organisation is welcome to stay in touch with Nettitude and receive top quality security advice.