Internet of Things (IOT) Security

The Internet-of-Things (IOT) is a new market where different developers have exploited cheap electronics to provide internet-connectivity to a large number of household and office devices. We can now control lights, central-heating, hot water, cameras and our kettles, from any device that can obtain an IP address.

This area of security has become more prevalent since October 2016 thanks to the botnet 'Mirai' that used default credentials in IOT devices to spread and infect over 2.3 million devices across the globe. These compromised IOT devices were then used to cause a Distributed-Denial-of-Service (DDoS) attack against DNS provider DYN, which affected most of the Internet traffic in northern America.

IOT devices can communicate over a number of different mediums and protocols our team are well versed in:

 Bluetooth
 WiFi
 GSM
 Zigbee
 Radio
wifi pineapple image
Figure 1: The WiFi-Pineapple for commonly used to attack WiFi enabled devices
ubertooth image
Figure 2: Ubertooth used to dissect the bluetooth protocols for security testing
A lot of our IOT testing methodology overlaps with our current WiFi Assessment and Mobile Application Testing methodologies. So be sure to check them out.