The Best Testing Strategy for IoT Penetration

According to Gartner, over 65% of enterprises will adopt IoT solutions by the year 2020 and the total number of connected “things” installed globally will go over the 20 billion mark. But along with the convenience to the common man and productivity for businesses, IoT brings with it, major security threats such as loss of control over devices, and breach of sensitive information. Penetration testing is the most effective solution for guaranteeing the safety and security of an IoT network.


IoT and its Components

A typical IoT solution comprises components that are connected to a network to share data. These components include:

• Things – These can be smart devices, actuators, sensors.
• IoT field Gateways– These are the border elements that connect the things and cloud portion of the IoT system.
• Cloud Gateways – These comprise components that facilitate data compression and transmission between gateways and the cloud servers.
• Data Storage – This consists of a data lake (to store unstructured data “streams”), big data warehouse (to store structured data as well as contextual data about devices and sensors).
• Machine Learning – This helps generate, and update models based on historical data from the data warehouse used by control applications.
• Control Applications – These applications send commands and alerts automatically to actuators.

All these components are easy targets for hackers. A smart device may have hidden account details with a complex password, but cybercriminals can access it by hacking SSH or Telnet protocols. IoT field gateways have high processing power combined with complex software making them the most vulnerable to exploitation. Most companies use third-party cloud service providers in which case the cloud security responsibility is shared between the company and the service provider. Full-scale IoT penetration testing must go beyond just smart devices and cover all IoT system elements.


Common Attacks on IoT systems

The IoT attack areas include the combination of security flaws in all IoT devices and systems. The main IoT system attack areas are:

► Applications, Software, and Firmware – Web applications and associated software of IoT systems may be vulnerable to malicious attacks on sensitive user credentials.
► Embedded Devices – Main vulnerabilities found in embedded devices include weak authentication, vulnerable serial ports, and external media-based attacks.
► Communication channels – IoT communication channels are prone to spoofing, Denial of Service attacks, radio communication interception, and replay-based attacks.


What Is IoT Penetration Testing and Why Is It Needed?

Simply put, penetration testing is adopted to identify potential attacks and vulnerabilities on IoT systems. An IoT penetration testing strategy aims to expose all possible techniques an attacker can use to breach the system by deploying a layered methodology.

There are several advantages of penetration testing in IoT systems such as:

• Reduces risk of security compromise.
• Fortifies device security.
• Promotes better data and user privacy.
• Protection against unauthorized usage.
• Sets a strong encryption system to prevent man-in-the-middle attacks.
• Prevents misuse of privileges


Key Areas to Cover in IoT Penetration Testing

Crucial areas of IoT components covered by penetration testers are

• Test all the exposed ports such as UART, SWD, and JTAG to allow testers to get root access, modify sensitive data and obtain root access
• Check for the absence of proper user rights allocation
• Test for improper assignment of root/admin credentials
• Check external peripheral devices such as a keyboard and mouse as they are connected via USB and may contain vulnerabilities
• Include each element of the IoT system in the penetration testing scope
• Conduct physical security and social engineering tests to ensure that all physical assets are properly secured
• Incorporate Threat Modeling technique to mitigate basic threats to the system such as denial of service, highjack, spoofing, and alteration of BIOS

Steps to Perform IoT Penetration

• IoT pen-testing involves testing the network, the applications, and the API. To pen test IoT devices effectively, the strategy must include the following best practices:
• The penetration testers must know about network security and understand what protocols are used and what data may be at risk.
• The tester must be able to perform regular web-based testing to find out any loopholes in the web-based system interfaces.
• The testers must utilize embedded engineering tools to test front and back door testing interfaces.
• All obscure and unlikely OS instances of the IoT system must be tested as some IoT devices may run Linux, some may run VxWorks, or Windows embedded, and so on.
• Reverse engineering and applications decompiling from firmware must be performed. Reverse engineering helps test devices that do not have an OS and are more open to malicious attacks.



Just like any other apps and network, penetration testing must be performed on IoT systems regularly. IoT solutions must be tested with every update or release to assess the impact it has on the device and the emergence of any new vulnerabilities since the last test.

Read More