IoT Security Testing

SecOrigin can provide you with tailored penetration testing services that fulfill your requirements. SecOrigin’s specialized subject-matter experts will help uncover vulnerabilities in your product that you would typically miss in your testing. We have developed an in-house methodology to test your IoT device inside and out. Our coverage spans every layer, from firmware to the software-defined radio layer. We will use IoT OWASP 2018 to pen test IoT devices.

IoT Ecosystem coverage under SecOrigin Pentest:

  • Firmware
  • Hardware
  • Mobile App
  • Web & API and Cloud
  • Software defined radio
Phase 1
Firmware Analysis
  • Binary Analysis
  • Reverse Engineering
  • Analyzing different file system
  • Sensitive key and certificates
  • Firmware Modification
Phase 2
Hardware Layer Analysis
  • Internal communication protocols such as UART, I2C, SPI, etc.
  • Open ports
  • JTAG debugging
  • Extracting firmware from EEPROM or flash memory
  • Tampering
Phase 3
Mobile App Analysis
  • .apk and iOS source code review
  • Application reversing
  • Mobile OWASP Top 2016
Phase 4
Web, API & Cloud Layer Analysis
  • Web dashboards: XSS, IDOR, injections
  • Hardcoded API keys
  • Cloud credentials like MQTT, CoAP, AWS, etc.
  • Cloud configuration Review
  • API OWASP Top 2019, OWASP Web 2021
Phase 5
Software Defined Layer Analysis
  • Exploitation of communication protocols
  • BLE, Zigbee, LoRa, 6LoWPAN
  • Sniffing Radio packets
  • Jamming based attacks
  • Modifying and replaying packets