embedded_
device/IoT_
testing
protecting your embedded devices
the benefits of embedded device/IoT testing
From the perspective of an IoT developer, there are two main benefits:
protect your reputation
Security should be considered throughout the development lifecycle. If a security vulnerability was to be exploited by a threat actor it could potentially put the security of your clients at risk, damaging the reputation of both your product and your organisation.
providing security assurances to clients
Security-conscious clients may request evidence that an IoT device has been assessed from a security standpoint as part of the procurement process. We can issue a letter of opinion following testing, providing your customers with the security assurances they require.
From the perspective of an end user organisation, the two main benefits are:
decrease risk
An unsecure IoT device can be used by a threat actor to gain access to your organisations most critical data, potentially leading to financial, operational and reputational damage. IoT devices therefore need to be tested on a regular basis, helping you to protect both your organisation and your clients from damaging cyber threats.
achieve compliance
In certain circumstances, businesses may require an IoT penetration test for compliance reasons. Our IoT testing can help you work towards compliance, proving assurances to both regulatory bodies and to prospective clients.
what we test
Our embedded device /IoT testing is tailored to your requirements, providing a widespread assessment which covers all aspects of an IoT system.
Our testing approach includes the following areas:
- Firmware
- Application
- Encryption
- Hardware
- Network
- Firmware & hardware: Test/degbug points, anti-tamper protections, operating system hardening, default credentials, network services, APIs & network traffic interception
- Ecosystem: Cloud services/APIs, mobile application and update/upgrade process
- Protocol fuzzing: Device protocol APIs, industry standard protocols, proprietary protocols, network, file, advanced debugging and stack tracing
our approach
Every embedded device/IoT test goes through a rigorous process, ensuring you get the best possible outcome for your organisation. Below we outline the key stages our testing goes through:
1.scoping
We work with you to fully understand your organisation, the device in question and the desired test outcomes.
2. proposal & prerequisites
proposal will be drawn up outlining the planned scope of work and the preparation needed to start testing.
3. testing
Our consultants are given access to the device, using their expertise to evaluate the product from a security standpoint.
4. ongoing communication
Our consultants will communicate with you throughout the test, to your set requirements.
5. reporting
A comprehensive, quality assured report of test findings will be delivered.
6. post-test support
Our consultants will be available to offer guidance on any aspect of the report, as well as remediation efforts.
7. retest
You have the option to retest, ensuring reported vulnerabilities have been addressed.
why choose us?
Our cloud tests are designed to support your overall information security efforts. It’s this support that truly sets us apart and our team is dedicated to reducing your cyber threat, to pass on our wealth of expertise and to provide you with the security assurances you need.
experience and expertise
Our team of security consultants have years of experience and a depth of expertise in testing embedded devices. We invest significant time into security research projects, honing and developing skills which allow our consultants to deliver the best possible results for your organisation.
dedicated contact throughout
Every organisation we work with is appointed a dedicated account manager. Our account managers understand the complexity of coordinating tests and will work with you to ensure your test runs smoothly.
testing tailored to your business
No two organisations are the same and neither are our device/IoT tests. We work closely with you to fully understand your goals, the device in question, the security challenges, operational needs and priorities before we undertake any work.
quality reporting
Every penetration test report undergoes an internal QA process and is peer reviewed. Our reports provide you with a managerial overview of findings, an in-depth technical review of the vulnerabilities found and our remediation advice.
post-test support
Our job doesn’t finish on the delivery of a report and our expert consultants will be available to answer any questions, to share their expert knowledge, and to provide remediation support to internal development teams or external suppliers.
optional retest
We can provide an optional retest into our testing, making sure issues have been understood and remediation efforts have been implemented as effectively as possible.
added value
Value is about more than just cost. Our value comes from scoping engagements accurately, our detailed reports, providing your team with post-test support, the expert knowledge we impart and by going above & beyond the tick box deliverables used by other information security providers.
