IOT Testing

ProCheckUp can help you secure your IoT devices with our IoT testing and certification solutions. 

We have a state-of-the-art IoT laboratory which enables us to address the increasing risks posed by technology developments in the area of connected devices. We also offer assurance for IoT functionality.

 

 

ProCheckUp uses the following IoT testing methodology:

Mapping the attack surface

This step establishes an understanding of the solution's architecture and determines the tests to be run on the product, sorted by priority.

 

The architecture can broadly be divided into three categories: 

1) Embedded device

These devices include hubs, smart lightbulbs, motion sensors, smart switches and additional connected devices.

2) Firmware, software and applications

After hardware testing, the next component to be tested is software.

This includes firmware running on the device, mobile applications which are used to manage the device and the cloud components connected to the device.

3) Radio communications

Radio communications provide a way for some devices to communicate with each other. The radio communications used include cellular, Wi-Fi, Bluetooth Low Energy, Zigbee, Z-Wave and more.

 

Embedded device – hardware analysis

This stage allows us to understand the device's hardware from a security perspective by using both internal and external analysis. This consists of two stages:

External Analysis

Cellular, Wi-Fi, Bluetooth Low Energy, Zigbee, Z-Wave and more

 

Internal Analysis

Internal interfaces: USB, serial, JTAG, SPI

 

 

Embedded device – Gaining shell access

At this stage we would attempt to gain shell access to the device, using the following techniques:

Ethernet Exploitation

Protocol implementation weakness.

 

Wireless Exploitation

HackRF, KillerBee, Ubertooth

 

USB Exploitation

PoisonTap, BashBunny and Facedancer21

 

UART Exploitation

Identifying the connections, identifying the baud rate, interacting with the device to gain a shell

 

I2C/SPI Exploitation

Identifying the connections, reading and writing to the EEPROM

 

JTAG Exploitation

Identifying the connections, reading and writing to the EEPROM. Reading memory contents. Analysing binaries.

 

 

Embedded device – Firmware Analysis

From a security perspective, firmware is the most critical component of an embedded device. Firmware resides in the device's non-volatile storage and enables the device to perform the tasks required for it to function.

 

Obtaining the firmware

Downloading from the Internet

Extracting from the device

Sniffing during an update

Reversing applications

    

Extracting firmware

Manual method

Automated method - binwalk

 

Looking for hardcoded secrets

firmwalker

Credentials, backdoors, sensitive URLs, access tokens, local pathnames
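The check described above, as an added example that is not ProCheckUp's tooling or firmwalker's code: a scan of an extracted firmware filesystem for several of the listed categories. The regexes, function names and the sample tree (standing in for an extraction tool's output) are constructed assumptions.

```python
import os
import re
import tempfile

# Categories follow the list above; the regexes are illustrative assumptions,
# not firmwalker's own pattern set.
PATTERNS = {
    "credential": re.compile(rb"(?i)(?:password|passwd|pwd)\s*[=:]\s*[\"']?[^\s\"']{4,}"),
    "access_token": re.compile(rb"(?i)(?:api[_-]?key|token|secret)\s*[=:]\s*[\"']?[A-Za-z0-9_\-]{16,}"),
    "private_key": re.compile(rb"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
    "url": re.compile(rb"\b(?:https?|ftp|mqtts?)://[^\s\"'<>]+"),
    "local_path": re.compile(rb"(?<![\w/])/(?:home|root|Users)/[\w.\-/]+"),
}

def scan_rootfs(root, max_bytes=8 * 1024 * 1024):
    """Walk an extracted firmware filesystem and return sorted
    (relative_path, line_number, category) findings."""
    findings = set()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            # Skip symlinks (they may point outside the tree) and very large blobs.
            if os.path.islink(path) or os.path.getsize(path) > max_bytes:
                continue
            with open(path, "rb") as fh:
                for lineno, line in enumerate(fh, 1):
                    for category, rx in PATTERNS.items():
                        if rx.search(line):
                            findings.add((os.path.relpath(path, root), lineno, category))
    return sorted(findings)

def build_sample_rootfs(root):
    """Write a constructed sample tree (all values are made up)."""
    samples = {
        "etc/app.conf": b"mqtt_host=mqtts://broker.example.invalid:8883\nadmin_password=changeme123\n",
        "usr/bin/updater.sh": b"#!/bin/sh\nAPI_KEY=\"abcdEFGH1234ijklMNOP\"\n# built in /home/builder/fw/out\n",
        "etc/ssl/device.key": b"-----BEGIN RSA PRIVATE KEY-----\n(constructed placeholder)\n",
        "etc/motd": b"Welcome\n",
    }
    for rel, data in samples.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_rootfs(tmp)
        for rel, lineno, category in scan_rootfs(tmp):
            print(f"{category:13} {rel}:{lineno}")
```

Each finding is a lead for manual review, since pattern matches on firmware files include false positives such as documentation strings and test fixtures.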

 

Embedded device – Backdooring the firmware

Backdooring the firmware is one of the main security issues which IoT devices face.

Perform integrity checks and signature validation.

 

Firmware, software and applications - Auditing the file system and programs in use

At this stage, the operating system is audited to ensure that industry hardening best practices are followed.

 

User Interface audit - Web/iOS/Android/API/thick client

Mobile application tests

 

Firmware release diffing

 

Key management audit

 

Data store audit

 

Cloud and supporting network audit

 

Firmware, software and applications - Analysing binaries

Disassembly and emulation of firmware binaries, running the binaries so we can analyse/exploit them.

 

Firmware, software and applications - Exploiting binaries

Looking for security vulnerabilities within the binaries, setting breakpoints, and creating exploits.

 

Please contact us for more information on how ProCheckUp IOT Testing Services can help you.

