IOT Pentesting

With the advent of IPV6 and wide deployment of WI-FI Networks, IoT is growing at a dangerously fast pace, and researchers estimate that by 2020, the number of active wireless connected devices will exceed 30 Million. The biggest plus point of IoT is that we are able to do things that nobody has thought of. But, with the plus there comes the downside too: The IoT has become the center for attraction for the Cybercriminals. More Connected Devices means that hacker have more targets to attacks.

So, Keeping all this in mind. We at InterceptZero use end to end methodology so as to cover each and every aspect of IoT from security points of view.

IoT Device Security Testing

Our team perform the physical inspection on device physical interfaces to identify the risk at the device level that could lead to privilege escalation, unauthenticated root shell, firmware dumping.

IoT Device Application Security Testing

Just like the web application security testing, we perform the security testing of the device GUI so as to make sure that the application interacting with the device is safe from all the attacks that could hinder or disturb the normal functioning of the device.

IoT Firmware Security Assessment

It is one of the crucial steps in IoT security assessment. Since, firmware contains all information, that is required by the device for the normal functioning. In firmware analysis, we make sure that minimum baseline is maintained, hard coded plain text passwords, encryption keys and backdoor accounts not present.

Wireless Protocol Security Assessments

In wireless security assessments, we perform security testing on wireless protocols used for the device communication. We perform security analysis on Bluetooth LE, RF analysis, ZigBee and 6LoWPAN to make sure the baseline standards for device communication protocol are maintained.

IoT Cloud Web Security Testing

In cloud web security testing, we perform security testing on cloud services such as Cloud API used to interact with the IoT Devices, sensors. To convey the attack severity to non-technical audiences we make POC to demonstrate the vulnerability and working recommendations to mitigate the vulnerability.

IoT Device Network Services Security Testing

We make sure that IoT device are unaffected to the network attacks such as replay attacks, unencrypted data/services and provide with actionable mitigation recommendations.