ProCheckUp can help you secure your IoT devices with our IoT testing and certification solutions. 

We have a state of the art IoT laboratory which enables us to address the increasing risks posed by technology developments in the area of connected devices.We also offer assurance for IoT functionality.



ProCheckUp uses the following IoT testing methodology:

Mapping the attack surface

This step helps the architecture of the solution to be understood, and helps establish the various tests that would be run on the product, sorted by priority.


The architecture can broadly be divided into three categories: 

1)         Embedded device

These devices include hubs, smart lightbulbs, motion sensors, smart switches and additional connected devices.

2)         Firmware, software and applications

After hardware testing the next component to be tested is software.

This includes firmware running on the device, mobile applications which are used to manage the device and the cloud components connected to the device.

3)         Radio communications

Radio communications provide a way for some devices to communicate with each other. Some of the radio communications used are Cellular , Wi-Fi, Bluetooth low energy, Zigbee, Z-Wave and more


Embedded device – hardware analysis

This stage allows us to understand the devices hardware from a security perspective by using both internal and external analysis. This consists of two stages: -

External Analysis

Cellular , Wi-Fi, Bluetooth low energy, Zigbee, Z-Wave and more


Internal Analysis

Internal interfaces, USB, Serial, JTAG SPI



Embedded device – Gaining shell access

 At this stage we would attempt to gain shell access to the device, using the following techniques:-

Ethernet Exploitation

Protocol implementation weakness.


Wireless Exploitation

HackRF, KillerBee, Ubertooth


USB Exploitation

PoisonTap, BashBunny and Facedancer21


UART Exploitation

Identifying the connections, identifying the baud rate, interacting with the device to gain a shell


I2C/SPI Exploitation

Identifying the connections,  reading writing to the EEPROM


JTAG Exploitation

Identifying the connections,  reading writing to the EEPROM. Reading memory contents. Analysing binaries.



Embedded device – Firmware Analysis

From a security perspective, firmware is the most critical component of an embedded device. Firmware resides on the non-volatile section of the device, allowing and enabling the device to perform different tasks required for the functioning of the device.


Obtaining the firmware

Downloading from the Internet

Extracting from the device

Sniffing during an update

Reversing applications


Extracting firmware

Manual method

Automated method - binwalk


Looking for hardcoded secrets


credentials, backdoor, sensitive URLS, access tokens, local pathnames


Embedded device – Backdooring the firmware

Backdooring the firmware is one of the main security issues which IoT devices face

Perform integrity checks and signature validation.


Firmware, software and applications - Auditing the file system and programs in use

At this stage, the operating system is audited to ensure that industry hardening best practices are followed.


User Interface audit - Web/iOS/Android/API/thick client

Mobile application tests


Firmware release diffing


Key management audit


Data store audit


Cloud and supporting network audit


Firmware, software and applications - Analysing binaries

Disassembly and emulation of firmware binaries, running the binaries so we can analyse/exploit them.


Firmware, software and applications - Exploiting binaries

Looking for security vulnerabilities within the binaries/setting breakpoints, and creating exploits.


Please contact us for more information on how ProCheckUp IOT Testing Services can help you.

  • Envelope

    Get in touch

    Please contact us for more information on how ProCheckUp can help you.


Qualified Security Assessor
Approved Scanning Vendor
Cyber Essentials