embedded device/IoT device testing

protecting your embedded devices

The Internet of Things (IoT) is growing at pace and organisations all over the world are utilising the benefits embedded devices can bring.  
Whether you’re a device developer or an end user, ensuring the security of your connected device is vital, especially when sensitive data is being processed or where devices have access to critical networks/systems within an organisation. 

the benefits of embedded device/IoT testing

From the perspective of an IoT developer, there are two main benefits:

protect your reputation

Security should be considered throughout the development lifecycle. If a security vulnerability was to be exploited by a threat actor it could potentially put the security of your clients at risk, damaging the reputation of both your product and your organisation.

providing security assurances to clients

Security-conscious clients may request evidence that an IoT device has been assessed from a security standpoint as part of the procurement process. We can issue a letter of opinion following testing, providing your customers with the security assurances they require.

From the perspective of an end user organisation, the two main benefits are:   

decrease risk

An unsecure IoT device can be used by a threat actor to gain access to your organisations most critical data, potentially leading to financial, operational and reputational damage. IoT devices therefore need to be tested on a regular basis, helping you to protect both your organisation and your clients from damaging cyber threats.

achieve compliance

In certain circumstances, businesses may require an IoT penetration test for compliance reasons. Our IoT testing can help you work towards compliance, proving assurances to both regulatory bodies and to prospective clients.

what we test

Our embedded device /IoT testing is tailored to your requirements, providing a widespread assessment which covers all aspects of an IoT system. Our testing approach includes the following areas:

  • Firmware
  • Application
  • Encryption
  • Hardware
  • Network
The following shows the areas of a device that would be tested:
  • Firmware & hardware: Test/degbug points, anti-tamper protections, operating system hardening, default credentials, network services, APIs & network traffic interception
  • Ecosystem: Cloud services/APIs, mobile application and update/upgrade process
  • Protocol fuzzing: Device protocol APIs, industry standard protocols, proprietary protocols, network, file, advanced debugging and stack tracing

our approach

Every embedded device/IoT test goes through a rigorous process, ensuring you get the best possible outcome for your organisation. Below we outline the key stages our testing goes through:

Penetration testing approach - Pentest - Information security assurance

1. scoping

We work with you to fully understand your organisation, the device in question and the desired test outcomes.

2. proposal & prerequisites

A proposal will be drawn up outlining the planned scope of work and the preparation needed to start testing.

3. testing

Our consultants are given access to the device, using their expertise to evaluate the product from a security standpoint.

4. ongoing communication

Our consultants will communicate with you throughout the test, to your set requirements.

5. reporting

A comprehensive, quality assured report of test findings will be delivered.

6. post-test support

Our consultants will be available to offer guidance on any aspect of the report, as well as remediation efforts

6. retest

You have the option to retest, ensuring reported vulnerabilities have been addressed.

why choose us

Our cloud tests are designed to support your overall information security efforts. It’s this support that truly sets us apart and our team is dedicated to reducing your cyber threat, to pass on our wealth of expertise and to provide you with the security assurances you need.

experience and expertise

Our team of security consultants have years of experience and a depth of expertise in testing embedded devices. We invest significant time into security research projects, honing and developing skills which allow our consultants to deliver the best possible results for your organisation.

dedicated contact throughout

Every organisation we work with is appointed a dedicated account manager. Our account managers understand the complexity of coordinating tests and will work with you to ensure your test runs smoothly.

testing tailored to your business

No two organisations are the same and neither are our device/IoT tests. We work closely with you to fully understand your goals, the device in question, the security challenges, operational needs and priorities before we undertake any work.

quality reporting

Every penetration test report undergoes an internal QA process and is peer reviewed. Our reports provide you with a managerial overview of findings, an in-depth technical review of the vulnerabilities found and our remediation advice.

post-test support

Our job doesn’t finish on the delivery of a report and our expert consultants will be available to answer any questions, to share their expert knowledge, and to provide remediation support to internal development teams or external suppliers.  

optional retest

We can provide an optional retest into our testing, making sure issues have been understood and remediation efforts have been implemented as effectively as possible. 

added value

Value is about more than just cost. Our value comes from scoping engagements accurately, our detailed reports, providing your team with post-test support, the expert knowledge we impart and by going above & beyond the tick box deliverables used by other information security providers.

contact us

Want to find out more about our embedded device/IoT device penetration testing services? Our team are on hand to provide you with the information and support you need. Please fill out the form below and one of our team will be in touch soon.