IoT / Embedded device penetration testing

Providing the security assurances you need when it comes to your connected IoT devices

Why does your IoT / Embedded device need testing?

The Internet of Things (IoT) is growing at pace and organisations all over the world are starting to realise the benefits these embedded devices can bring to their operations, as well as their employees/customers. 

Whether you’re an IoT developer or an end-user, the security of such devices is vital and any breach could potentially cause reputational damage, as well as financial loss. Especially when they are processing sensitive data, where they have access to critical networks/systems within an organisation, or crucially, where a potential breach may endanger health.

Find out more about Pentest

Find out more about Pentest, the support we offer and
the reasons clients choose us.

What we review

Embedded devices can be complicated in nature and no two devices are the same. Our testing is tailored to the device under review and our consultants will undertake whatever testing is necessary to fully assess the security of the entire IoT system. This could include:

Device configuration (Application)

Default credentials, password policies, insecure services, device eco-system & architecture

Physical security (Hardware/Firmware)

Identifying weaknesses in the design of the device, extracting and reverse engineering firmware to identify vulnerabilities

Network services

Investigating the technology protocols in use, encryption measures used for transit and data flow

Device application (Application/Firmware)

Technology used by the device, potential weaknesses in processes and flow of data, data storage and access control

Our IoT test process

Every IoT / Embedded device penetration test goes through a rigorous process to ensure you get the best possible results. Below we outline the key stages our testing goes through:

1. Scoping

Your dedicated account manager (AM) will work closely with you to understand your business, the device under review & the desired outcomes. The AM will then work with the assigned Pentest consultants & your stakeholders to ensure testing meets your exact needs.

2. Proposal

A bespoke proposal of work will be drawn up based on your requirements, our experience and our consultant’s expertise. This proposal will outline our recommended test approach, the prerequisites needed & the time required to investigate the device.

3. Testing

Testing will commence on the agreed date and our consultants will communicate with you throughout the test, to your set requirements. All testing is conducted manually and our consultants will look to identify as many issues as possible in the time allotted.

4. Reporting

A comprehensive, quality assured report of our findings will be delivered following the test. Our reports can be tailored to your needs, providing both a technical and managerial overview of findings, as well as our detailed remediation advice.

5. Post-test support

Our job doesn’t finish on the delivery of a report, your test consultant will be available after the test to explain any aspect of the report, as well as provide remediation support to internal teams and/or external suppliers.

6. Evidence of testing

Many of our clients need to supply evidence of testing for security assurance purposes. We can supply additional documentation which will provide these assurances to your internal and/or external stakeholders.

Why choose Pentest?

Our test process isn’t the only reason clients choose to work with us. Find out more about Pentest, our ethos and the support we offer our clients.

Contact us

Want to find out more about our IoT / Embedded device penetration testing service? Our team are on hand to provide you with the information you need. Please fill out the form below and one of our team will be in touch shortly.