IoT pentesting and security review
Modern products and devices contain significant amounts of software, and often hold valuable intellectual property and sensitive customer data. Are you sure your products are secure?
• Are your products resistant to cloning by your competitors?
• Do they meet the security and quality standards your customers demand?
• Are your products encrypting data or control signals when transmitted via radio or over the Internet?
• Are your IoT devices providing a backdoor for criminals to attack your cloud IT infrastructure?
We will produce an independent, comprehensive and confidential report on your product with practical and cost-effective recommendations for improvement. If needed, we can also perform remedial work to improve the product.
We are also able to independently audit third-party products, with some limitations.
Please get in touch to discuss your project - we'd love to talk it over with you.
We will
• Evaluate product compliance with industry cybersecurity standards such as PCI/DSS, ETSI EN 303 645, IEC 62443, and the GDPR
• Identify and review debug ports and manufacturing test points
• Evaluate resistance to cloning or duplication
• Review the data a device sends over the internet or radio protocols, if applicable, to determine whether it is accessible to an attacker
• Attempt to dump the device firmware, and review what information (for example, encryption keys) is accessible
• Review supplied firmware source code for programming errors that may allow device security features to be bypassed
• Review placement of physical security features, such as lockouts, tamper switches, and reset buttons
• Determine the cloud services an IoT device communicates with, and evaluate their resistance to attack
The scope of the review will be agreed with you before commencement.
