Performing Penetration Tests on IoT/IIoT/IoMT systems

Securing IoT (Internet of Things) systems poses a significant challenge because of their exponential growth in usage, combined with a number of other unique complexities. It is no longer possible to ignore the integration of IoT into smart homes, smart cities, health systems and, of course, Industry 4.0, where it is known as IIoT (Industrial Internet of Things).
One of the complexities of IoT penetration testing is that security flaws must be searched for throughout the entire ecosystem in which the device operates: hardware, embedded software, communication protocols, servers, mobile apps, APIs and web interfaces. The tests must therefore cover a wide range of technologies and address many potential attack points.
To create an industry standard for IoT penetration testing, international bodies began standardizing the subject, for example NIST 1800-32, MITRE and OWASP, a leading body in penetration testing methodology. The result is the following list of the Top 10 topics to test in IoT systems:

  • Detecting weak or hard-coded passwords
  • Detecting non-hardened network services
  • Detecting non-hardened interfaces that can be abused
  • Checking the security update mechanism
  • Determining whether insecure open-source components are used, and how vulnerable they are
  • Checking how the user's personal information is stored on the device or in the system
  • Determining the hardening level of data transfer over the network
  • Checking the manageability of devices, including updates and monitoring
  • Checking whether unhardened default settings are used
  • Determining the device's physical hardening level

Test Steps

First step – Defining the test scope, i.e., the goals and the test environment
Second step – Performing hardware penetration tests:

  • Connecting to circuits by various methods, such as UART
  • Firmware tests
  • Cracking passwords
  • Attempting reverse engineering
  • Examining whether the firmware can be modified
  • Backdoor detection
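The first item of the Top 10 list (weak or hard-coded passwords) and the firmware tests of the second step usually start with an audit of the unpacked firmware filesystem. The following Python script is an added example, not Madsec's tooling; it assumes the image has already been unpacked, and every file path, account, hash and default-password entry in it is constructed for illustration.

```python
import re
from typing import Dict, List

# Constructed sample of an unpacked firmware root filesystem; every path, account,
# hash and value is invented for this example.
FIRMWARE_FS: Dict[str, bytes] = {
    "/etc/passwd": b"root:x:0:0:root:/root:/bin/sh\n"
                   b"admin:$1$saltsalt$fakehashvalue:0:0::/:/bin/sh\n",
    "/etc/shadow": b"root::0:0:99999:7:::\n"
                   b"svc:$6$saltsalt$fakehashvalue:18000:0:99999:7:::\n",
    "/etc/config/app.conf": b"mqtt_user=device\nmqtt_pass=admin\nlog_level=2\n",
    "/usr/bin/helper": b"\x7fELF\x01\x01telnet_login=support password=support1234\x00",
}
# Well-known factory defaults (constructed short list; use a real wordlist in practice)
DEFAULT_PASSWORDS = {"admin", "password", "1234", "12345", "root", "support"}
# key=value or key:value pairs whose key looks like a credential
CRED_PATTERN = re.compile(rb"(?i)(pass(?:word|wd)?|pwd|secret)\s*[=:]\s*([^\s\x00]+)")

def check_account_file(path: str, data: bytes) -> List[str]:
    # Flag empty or fixed password fields in /etc/passwd- or /etc/shadow-style files
    findings = []
    for line in data.splitlines():
        fields = line.split(b":")
        if len(fields) < 2:
            continue
        user, pw = fields[0].decode(errors="replace"), fields[1]
        if pw == b"":
            findings.append(f"{path}: account '{user}' has an empty password")
        elif pw.startswith(b"$"):
            # a hash baked into the image means every unit ships with the same password
            findings.append(f"{path}: account '{user}' ships with a fixed password hash")
    return findings

def check_embedded_credentials(path: str, data: bytes) -> List[str]:
    # Flag credential-looking key/value pairs in config files and binaries
    findings = []
    for m in CRED_PATTERN.finditer(data):
        key, value = m.group(1).decode(), m.group(2).decode(errors="replace")
        kind = "default password" if value.lower() in DEFAULT_PASSWORDS else "hard-coded credential"
        findings.append(f"{path}: {kind} in '{key}'")
    return findings

def audit_firmware(fs: Dict[str, bytes]) -> List[str]:
    findings = []
    for path, data in fs.items():
        if path in ("/etc/passwd", "/etc/shadow"):
            findings += check_account_file(path, data)
        else:
            findings += check_embedded_credentials(path, data)
    return findings
```

Calling `audit_firmware(FIRMWARE_FS)` on the sample returns five findings; in a real engagement the dictionary is replaced by the files written out by the firmware unpacker, and each finding is then confirmed manually before it goes into the report.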

Third step – A variety of tests on the communication types in use, for example RFID, NFC, ZigBee, Bluetooth, Wi-Fi and LoRa:

  • Sniffing radio traffic
  • Cryptographic analysis
  • Testing for Man-in-the-Middle vulnerabilities
  • Examining the system’s resistance to Denial-of-Service attacks

Fourth step – Many companies perform penetration tests because they want to enter the American market, where they must also meet the requirements set by HIPAA and the FDA. Medical systems of this kind are called IoMT – the Internet of Medical Things.
In these cases, the report must include additional elements, such as:

Security Risk Management

  • Threat Modelling
  • Third-Party Software Components
  • Security Assessment of Unresolved Anomalies
  • Security Risk Management Documentation
  • TPLC – Total Product Life Cycle

Security Architecture

  • Implementation of Security Controls
  • Security Architecture Views

Madsec has a dedicated laboratory for testing IoT/IIoT/IoMT systems, a long list of recommendations and extensive experience.
