There are usually many different components to an Internet of Things (IoT) system. Consider a Smart Doorbell, a typical system might include: the doorbell button, the doorbell sounder, the hub to connect it to a router and the Internet, the cloud application, the cloud infrastructure, the mobile app, and maybe even a web app.
At You Gotta Hack That, we specialise in helping you to secure the whole system by dividing it into easy to consume chunks, prioritising the most important parts and always putting findings into the context of the wider system.
We also perform specialist activities that are unusual in other types of penetration testing such as hardware hacking, firmware analysis and protocol analysis.
Unlike "normal" penetration testing, IoT security assessments require a detailed look at how the hardware is protected. This is because in the vast majority of cases, the device is going to be situated outside the protective environment provided by the manufacturer. The hardware itself is physically attacked to determine how susceptible it is to compromise
Once the physical assessment is complete, the firmware is acquired in order to search for vulnerabilities and weaknessess within the software running on the device. This work can lead to an incredibly wide range of outcomes depending on a number of factors including what the IoT system does.
Networking is the cornerstone of the IoT world, but, this very connectedness is also one of its biggest weaknesses. IoT systems can be implemented with such a huge range of communications technologies and each has its own set of concerns and risks. Protocol analysis looks at the way communications have been implemented to determine what the impact would be on manipulating messages sent to and from the device.