IoT Testing


As more and more devices are equipped with network connections, few are being built with security in mind. Internet facing embedded devices often have open web services and are poorly configured. Authentication is often weak or non-existent and devices are often running vulnerable versions of software, leaving services open to attack or compromise.

Prescient Security offers IoT device secure testing services to identify risks on a device’s attack surface and to provide recommendations on how to prevent the device from being compromised by a malicious actor. This is done using black box or white box methodology, examining:

•       The environment that the device operates on

•       Hardcoded sensitive data within the software

•       Hardware vulnerabilities

•       Exploitation to gain network access

Methodology

Hardware Analysis

–       Examine ports, physical access points

–      Analyze data storage, extract memory and firmware, examine exposed network services and communication protocols

Breaking down the Firmware

–      Reverse-engineering

–      Binary Exploitation

Signal Communication to compromise software

–      Test how device interacts with its front-end interface (mobile or web application)

–      Bluetooth, WiFi and Ethernet, etc

–      Carry out application testing methodology to identify vulnerabilities

Attack & Exploitation

–      Attack device’s vulnerabilities in real-time to simulate real world attack

–      Attempt to pivot into internal network access to further compromise systems and demonstrate risk

Detailed Report

(Exploitation likelihood and potential impact, Recommendation & Mitigation Plan Development)

–      Per vulnerability

–      Per attack/exploit vector