INTERNET OF THINGS TESTING

The number of connected devices has rocketed in the past few years and, as Nettitude documented in our 2016 threat intelligence report, the Internet of Things (IoT) has become a significant target for threat actors aiming to build botnets. Such botnets are then often employed to launch some of the largest Distributed Denial of Service (DDoS) attacks ever seen. For example, the Mirai malware discovered in 2016 infected hundreds of thousands of IoT devices and then utilized them to launch high profile, high bandwidth DDoS attacks against high profile websites.

Nettitude routinely work closely with the creators of smart devices in order to provide assurance around the security posture of their devices. Internet of Things testing services provide a valuable way to assess the security levels associated with a given connected device.

Nettitude has extensive experience in IoT testing and assuring:

  • Smart devices for domestic usage
  • Smart devices for industrial usage
  • Smart metering
  • Connections for utilities
  • Smart devices aimed at the automotive and transport sector

When Is IoT Testing Applicable?

Nettitude recommend an Internet of Things security test is performed for any device that will be connected to a network under normal use. From cameras to toothbrushes, connected devices are actively being targeted by threat actors aiming to:

  • Serve malicious or illegally obtained software
  • Compromise individual and corporate privacy
  • Details of the motivations and goals for the relevant threats

In particular, devices that are designed to be ‘plug and play‘ should be subject to an Internet of Things penetration test; their low barrier to setup often means that they are deployed in suboptimal security configurations. For organizations that produce Internet of Things devices and are concerned about their security posture, Nettitude offer a world class penetration testing service.

How Do Nettitude Perform An IoT Security Test?

Compared with more traditional areas of penetration testing Internet of Things presents a number of unique challenges. One of the main challenges lies in diversity; varying architectures, communication protocols, coding and operating systems result in almost immeasurable combinations of technology. Therefore, Nettitude utilize only the most experienced penetration testers for IoT testing.

Nettitude’s security consultants ensure that the full attack surface and all use cases are considered in order to give full levels of assurance. Broadly, an IoT test focuses on the following areas:

Hardware

Firmware

Application

Network

Encryption

What’s The Output Of An IoT Security Test?

Any organization that works with Nettitude on Internet of Things security testing can expect two fully quality-assured reports per engagement. The first is a management report, which is designed to be consumed by a non-technical audience and relays the overall security posture of the target device in terms of risk.

The second is a technical report, which provides in-depth technical detail for each finding, including relevant and actionable remedial advice. Of course, the engagement doesn’t stop there. Nettitude always encourage a debrief to ensure full comprehension has been achieved. It’s an opportunity to ask absolutely any questions at all. After the debrief, the organization is welcome to stay in touch with Nettitude and receive top-quality security advice.