
How To Perform IoT Penetration Testing

Unless you have been living under a rock for the past 5 years you’ll have noticed the IoT industry has been rife with software vulnerabilities. Everything from cars and fridges to children’s toys has been exploited by hackers.

So what’s the solution? What can manufacturers do to prevent their devices from being so inherently insecure?

IoT Penetration Testing

A form of security testing called penetration testing (pen testing for short) is a form of ethical hacking that has been around ever since the invention of locks and pretty much every other security and access system. Manufacturers and cyber security experts pay professional penetration testers to probe their systems for weaknesses that cyber criminals could exploit to gain access without following due procedure. These tests help strengthen device security, protect against unauthorised usage, prevent privilege escalation, improve user data privacy and apply stronger encryption to resist man-in-the-middle attacks.

IoT penetration testing is very similar to this traditional white hat pen testing procedure, which involves taking shots at a system to find weaknesses and exploit them, but it introduces a more complex environment to test, with a wider attack surface and more attack vectors. It actually requires the expert to build an ecosystem around every specific IoT device and test its unique array of attack vectors so as to uncover all potential vulnerabilities.

This means that an IoT device can thwart the traditional attacks that lure a human user into opening a malicious link: in IoT there is no end user behind the device, which makes it that much more difficult to break in. The scope of IoT is also much larger than the familiar Windows and Linux systems and extends to less common architectures such as ARM, MIPS and PowerPC, among many others. The communication protocols are also deep-end stuff like ZigBee, SDR and BLE.

Steps to conduct an IoT penetration test

Determine the protocols and their weaknesses

The tester finds out what kind of information is low-hanging fruit for hackers to capture and exploit in order to gain access to the system.

Conduct web app security testing to check for vulnerabilities to exploit

Basic and advanced web application security testing will identify any weaknesses in the web-based applications, APIs or client configuration of the device being tested.

Find a back door into the system

Using the pen testing tools at their disposal, testers have to find a back door into the system just as a real-life hacker would.

Testing obscure OS instances

Whether the device is running a Linux-based OS or some one-off operating system, the tester has to find any weaknesses in the OS, if there are any. Other devices lack an OS altogether, in which case the application has to be fully decompiled to determine whether it is vulnerable.

Reverse engineer applications to check for vulnerabilities

A penetration tester has to be good at network security, web testing, embedded engineering, testing obscure OS instances and reverse engineering apps. To pull off this kind of test effectively, a tester has to be well versed in all of the above areas or work in a team whose members complement each other’s skills.
While this is only the tip of the iceberg of what there is to know about IoT penetration tests, this is basically what is done.
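As an added illustration of the "testing obscure OS instances" and "reverse engineer applications" steps (example code, not from the original article): before a binary pulled from a device can be decompiled, the tester needs to know which architecture it was built for. This Python script reads the ELF header to report machine type, word size and endianness, and scans a firmware dump for embedded ELF images; the sample headers and the firmware blob are constructed here, not taken from any real device.

```python
import struct

# e_machine values from the ELF specification for the architectures the article names.
MACHINES = {0x03: "x86", 0x08: "MIPS", 0x14: "PowerPC", 0x28: "ARM",
            0x3E: "x86-64", 0xB7: "AArch64"}
TYPES = {1: "REL", 2: "EXEC", 3: "DYN", 4: "CORE"}


def identify_elf(blob: bytes) -> dict:
    """Describe an ELF image from its first 20 bytes; raise ValueError if it is not one."""
    if len(blob) < 20 or blob[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    ei_class, ei_data = blob[4], blob[5]          # word size and byte order flags
    bits = {1: 32, 2: 64}.get(ei_class)
    fmt = {1: "<", 2: ">"}.get(ei_data)            # struct prefix for the declared endianness
    if bits is None or fmt is None:
        raise ValueError("malformed ELF identification bytes")
    e_type, e_machine = struct.unpack(fmt + "HH", blob[16:20])
    return {
        "bits": bits,
        "endian": "little" if ei_data == 1 else "big",
        "type": TYPES.get(e_type, f"unknown({e_type})"),
        "machine": MACHINES.get(e_machine, f"unknown(0x{e_machine:x})"),
    }


def find_elf_images(firmware: bytes) -> list:
    """Scan a raw firmware dump for ELF magic and describe every valid header found."""
    results = []
    offset = firmware.find(b"\x7fELF")
    while offset != -1:
        try:
            results.append((offset, identify_elf(firmware[offset:offset + 20])))
        except ValueError:
            pass  # stray magic bytes or a truncated header: skip it
        offset = firmware.find(b"\x7fELF", offset + 1)
    return results


# Constructed sample headers (e_ident + e_type + e_machine), not real firmware.
SAMPLE_MIPS_BE = b"\x7fELF" + bytes([1, 2, 1, 0, 0]) + b"\x00" * 7 + b"\x00\x02" + b"\x00\x08"
SAMPLE_ARM_LE = b"\x7fELF" + bytes([1, 1, 1, 0, 0]) + b"\x00" * 7 + b"\x02\x00" + b"\x28\x00"
# Constructed dump: padding, a MIPS binary, a gap, an ARM binary, then a truncated magic.
SAMPLE_FIRMWARE = (b"\xff" * 32 + SAMPLE_MIPS_BE + b"\x00" * 16
                   + SAMPLE_ARM_LE + b"\xff" * 8 + b"\x7fELF")

if __name__ == "__main__":
    for off, info in find_elf_images(SAMPLE_FIRMWARE):
        print(f"offset {off}: {info['bits']}-bit {info['endian']}-endian "
              f"{info['machine']} {info['type']}")
```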

Standards and Methodologies

There are a number of standards for penetration testing; for IoT devices you would typically refer to the OWASP project and ensure that any testing you conduct (or commission from a third party) is manual. Automated tools can be used as part of the process, but the basis of the testing should be a pen tester approaching the device with the same mindset as a real hacker.

We hope this has helped provide an overview for those wishing to conduct an IoT penetration test. If you have any questions please drop me a comment below and I will do my best to get back to you within a day or two.