Securing IoT (Internet of Things) systems poses a significant challenge because of their exponentially growing use and a number of unique complexities. It is no longer possible to ignore the integration of IoT in smart homes, smart cities, health systems and, of course, Industry 4.0, where it is called IIoT (Industrial Internet of Things).
One of the complexities of IoT penetration testing is that security flaws must be searched for throughout the entire ecosystem the device operates in, for instance hardware, embedded software, communication protocols, servers, mobile apps, APIs and web interfaces. Hence, the tests must cover a wide range of technologies and address many potential attack points.
To create an industry standard for IoT penetration testing, international bodies began standardizing the subject, for example NIST 1800-32, MITRE and OWASP – a leading body in penetration testing methodology. This produced the list of the Top 10 topics to test in IoT systems, as follows:
- Detecting weak or hard-coded passwords
- Detecting non-hardened network services
- Checking whether non-hardened interfaces can be abused
- Checking the security update mechanism
- Determining whether insecure open-source code is used and how vulnerable it is
- Checking how the user's personal information is stored on the device or in the system
- Determining the hardening level of data transferred over the network
- Checking the manageability of devices, including updates and monitoring
- Checking whether unhardened default settings are used
- Determining the device's physical hardening level
Test Steps
First step – Defining test scope, i.e., goals and the test environment
Second step – Performing hardware penetration tests:
- Connecting to the circuitry through various methods, such as UART
- Firmware tests
- Cracking passwords
- Attempting to reverse engineer the firmware
- Examining whether the firmware can be modified
- Backdoor detection
Third step – A variety of tests on the communication types in use, for example RFID, NFC, ZigBee, Bluetooth, Wi-Fi and LoRa:
- Sniffing radio traffic
- Cryptographic analysis
- Testing for Man-in-the-Middle vulnerabilities
- Examining the system’s resistance to Denial-of-Service attacks
Fourth step – Many companies commission penetration tests because they want to enter the American market, where they must also meet the standards set by HIPAA and the FDA. Such medical systems are called IoMT – the Internet of Medical Things.
In these cases, the report must include some additional elements, such as:
Security Risk Management
- Threat Modelling
- Third-Party Software Components
- Security Assessment of Unresolved Anomalies
- Security Risk Management Documentation
- TPLC – Total Product Life Cycle
Security Architecture
- Implementation of Security Controls
- Security Architecture Views
Madsec has a dedicated laboratory for testing IoT/IIoT/IoMT systems, a long list of recommendations and extensive experience.