IoT Penetration Test

IoT Penetration Test

The Internet of Things (IoT) covers all products connected to the Internet. Products that require connection to a home, office or any network to fulfill their features are included in this broad scope.

All IoT products collect data during its use and often share this information with the manufacturer without knowledge of users that data is being collected. In many cases, product functions are connected to the Internet and can be controlled by the manufacturer.

Manufacturers of all kinds of electronic or electrical devices are in a rush to add features that require connectivity to the internet.

Testing software written for an IoT product has only one goal, that it works and is easy to set up and manage. Security is secondary or even third.

The hardware (chipsets) used in most new products is very old and often has multiple known vulnerabilities. The software included in IoT devices and rarely subjected to in-depth security testing often has its own security vulnerabilities. As a result, devices installed in millions of home and business networks are waiting to be hacked. Once a vulnerability is discovered in a widely distributed product line, these devices, which will be found in thousands of homes and businesses, will cause IoT devices to be hacked and potentially expose their entire networks to exposure and attacks.

IoT Architecture

IoT devices can contain many security vulnerabilities due to their architecture and therefore become vulnerable to attack.

Typically, an IoT architecture consists of the following components:

  • Key Components: Smart devices equipped with sensors and actuators.
  • IoT Field Gateways: Boundary elements that provide the connection between objects and the cloud part of an IoT solution.
  • Cloud Gateways: Components that facilitate data compression and transfer between gateways and cloud servers.
  • Streaming Data Processor: An element that enables the seamless transition of input data to a large data warehouse and control applications.
  • Data Storage: Contains a data lake (stores raw data in the form of “streams”) and a large data warehouse (stores filtered and structured data, as well as context information about smart devices, sensors, commands from control applications).
  • Data Analytics: A unit that uses information from the big data warehouse to create data patterns and extract meaningful info.
  • Machine Learning: Regularly generates and updates models based on historical data accumulated in a large data store used by control applications.
  • Control Applications: Components that send automatic commands and alerts to actuators.
  • Client-Server System: It includes a user business logic component (server side), a mobile app, and a web app (client side).

Full-scale IoT penetration testing should go beyond smart devices and cover all IoT system elements.

Security Vulnerabilities in IoT Devices

Manufacturers in the IoT field often face privacy issues that they cannot foresee. Therefore, IoT devices have been exposed to increasing levels of attacks in recent years due to the inherently weak security element. Some of the common problems that arise due to the spread of IoT include:

  • IoT users consent to the collection and storage of data without sufficient knowledge or technical knowledge. The data collected and shared with third parties will eventually create a detailed picture of users' personal lives, causing information that users would never consider sharing with a stranger they meet on the street.
  • That anonymity is a constant problem in the IoT world, IoT platforms do not give any importance to user anonymity in the data sharing process.
  • Cyber attacks are likely to become more and more a physical (not just virtual) threat. Many internet-connected devices such as cameras, televisions and kitchenware have already been able to spy on people in their own homes. Such devices accumulate a large amount of personal data shared with other devices or held in databases by organizations and are prone to misuse.
  • Computer-controlled automobile devices such as horns, brakes, engines, control panels and locks are at risk from hackers who can access the in-vehicle network.
  • The concept of layered security and redundancy for managing IoT-related risks is still at a new stage. For example, the readings of smart health devices can be altered to monitor a patient's condition and then be connected to another device to prescribe analysis may adversely affect the patient's diagnosis or treatment.
  • When a large number of IoT-based devices try to connect to a particular website or database, there is a high probability of failure while resulting in customer dissatisfaction and reduced revenue.


Test Methodology

Below are the steps and pentest methodology for the security tests of IoT devices.

  • Functional Evaluation
  • Device Discovery
  • Cloud and Web Service Tests
  • Discovery of Mobile and Control Apps
  • Network Oriented Test
  • Embedded Hardware Controls
  • Physical Device Attacks
  • Radio (RF) Signals