IoT Penetration Testing

What is the Internet of Things (IoT)?

The Internet of Things (IoT) refers to the global collective of internet-facing embedded devices. These devices contain components that interface with web-based applications or cloud technology. They range from smart home and office systems such as security cameras, alarm systems, thermostats and door locks, to personal gadgets such as smart watches and smart sport shoes, and even vehicles. With the expansion of IoT, we’re seeing a new wave of great accessibility benefits and impending security concerns.

The number of connected devices has rocketed in the past few years, and the Internet of Things (IoT) has become a significant target for hackers aiming to build botnets. Such botnets are then often employed to launch some of the largest Distributed Denial of Service (DDoS) attacks ever seen. For instance, the Mirai malware discovered in 2016 infected hundreds of thousands of IoT devices and then used them to launch high-profile, high-bandwidth DDoS attacks against high-profile websites.

ReconZ Consulting has established a detailed yet comprehensive methodology for conducting security penetration testing of business IoT systems. Internet of Things (IoT) penetration testing is scoped based on initial discovery and documentation of IoT devices deployed in your business. ReconZ Consulting has extensive experience in testing and assuring smart devices for domestic as well as industrial usage.

With our Reconz Cyber Assault (ReCA) services, we help customers perform:

    a.) Comprehensive penetration testing of your Internet of Things product—the device, how the device talks to your smartphone or the internet, the cloud services that host that data, and the websites or applications that talk to your device.
    b.) PII data security review
    c.) Code review—embedded code, remote procedure calls, mobile and web application code.
    d.) Evaluation of authentication, authorization and auditing structure.
    e.) Data security evaluation at rest and in motion.
    f.) Protocol communication review: REST, SOAP, RPC, ZIGBEE, etc.
    g.) Security evaluation of databases and directories, including queries, stored procedures, authentication and ACLs
    h.) Reviewing privilege escalation attacks
    i.) Reviewing cryptographic protection on applications and/or delivery mechanisms
    j.) Reviewing application binary or packages for embedded passwords, keys, certificates
    k.) Reviewing log handling, insecure storage, and caching/temp file issues
    l.) Policy and compliance gap analysis against major standards and best practices (PCI, HIPAA, HITECH, FDA)

Please contact us to learn more about our cyber security services.