IoT pentest



The IoT pentest uses reverse engineering techniques, web attacks and system attacks in order to comprehensively analyze the security of the connected object and its ecosystem.

The auditor, in possession of the object to be analyzed, will for example try to discover hard-coded accounts in the firmware, will attack possible open network services or exploit vulnerabilities in exposed web interfaces. Communications with a backend can also be analyzed.

Depending on the type of equipment and the purpose of the mission, physical attacks (access to a console port for example) or application attacks (Android, iOS) can be envisaged.

    Vecteezy.com

    In which cases should you choose the connected object intrusion test?

    Measure the security and impact of a connected object in the company network.

    Ensure the robustness of the object against reverse engineering by a malicious third party (competitors, hackers).

    Mission organization

    An initiation meeting makes it possible to identify the needs and scope of the mission, as well as any constraints.

    A legal mandate between the different parties is published in order to supervise DSecBypasss audit service.

    The consultant in charge of the mission can be reached at any time during its execution and informs the customer in the event of a critical discovery.

    g

    Penetration test results

    The deliverables of the mission include a report as well as two optional restitutions.

    The report includes a summary of the results as well as the details of the identified vulnerabilities and recommendations.

    The technical restitution is an opportunity for the consultant to present his approach and his results in an interactive way, and to discuss with the client and his teams on the action plan. Managerial restitution makes it possible to address an executive audience.