How do ethical hackers test IoT security?

by Black Hat Middle East and Africa

The Internet of Things (IoT) gives us so many new opportunities to understand and manage our impact on the world around us. It promises unprecedented potential to create a more sustainable way for billions of human beings to live on the planet. 

But for ethical hackers, the Internet of Things is also a bit of a headache. Every organisation using IoT devices now has an ever-growing network of endpoints, some of which transmit data to centralised pools, and some of which don’t. Every endpoint could become a vulnerability if it’s not adequately protected and monitored. 

So what are the steps for organising an effective pen testing program across IoT devices and networks – and what can you expect when you hire an ethical hacker? 

1. A lot of planning and information gathering 

First, ethical hackers need to scope out the project; they’ll need to obtain authorisation from the network owner, based on clearly defined assessment goals and targets. 

They’ll work to understand the legal and ethical considerations they need to factor in to ensure compliance with both the client organisation’s policies and the requirements of any external regulating bodies.

Then they can move into an information gathering phase to collect as much information as possible about the network and all target IoT devices included in the scope of the project. 

All of this positions the pen tester to launch their vulnerability assessment in order to gain a strong understanding of potential weaknesses that need to be explored in more depth during the operation.

2. Penetration testing 

By the time the hacker reaches the launch of a penetration test, they’ve already done a lot of work. They’ll attempt to exploit vulnerabilities they identified in the information gathering stage – without actually causing any harm. 

For a pen test focusing on IoT networks, they might attempt to exploit:

  • Weak credentials
  • Unencrypted data transmissions
  • Vulnerabilities in firmware

3. In-depth analysis of firmware and network 

The firmware installed on each IoT device will also come under scrutiny, and reverse engineering techniques are often used to explore potential vulnerabilities here. 

An ethical hacker might extract readable characters from binary files; analyse that content for sensitive information or hard-coded credentials; and identify possible vulnerabilities that arise during the boot process, or in device authentication mechanisms. 
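
The string-extraction step described above, as an added example that is not part of the original article: a Python sketch that pulls printable ASCII runs out of a firmware image you are authorised to review and flags credential-like content. The sample bytes, the rule names, and the three patterns are constructed for illustration.

```python
import re

# Constructed sample: non-printable bytes around strings as they might sit in an image.
SAMPLE_FIRMWARE = (
    b"\x7fELF\x01\x01\x00\x00\x10\x00"
    b"admin_password=example-not-real\x00\xff\xfe"
    b"\x00\x01mqtt://broker.example.invalid:1883\x00"
    b"\x90\x90ok\x00"  # shorter than min_len, so it is ignored
    b"-----BEGIN RSA PRIVATE KEY-----\x00\x03"
    b"Booting kernel...\x00"
)

# Illustrative triage rules (assumptions, not an exhaustive rule set).
RULES = {
    "credential_assignment": re.compile(
        r"(?i)(pass(word|wd)?|secret|api[_-]?key|token)\s*[=:]\s*\S+"),
    "private_key_header": re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
    "cleartext_url": re.compile(r"(?i)\b(http|ftp|telnet|mqtt)://\S+"),
}


def extract_strings(blob, min_len=6):
    """Yield (offset, text) for each printable-ASCII run of at least min_len bytes."""
    for m in re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, blob):
        yield m.start(), m.group().decode("ascii")


def triage(blob, min_len=6):
    """Return (offset, rule_name, text) for every extracted string a rule matches."""
    findings = []
    for offset, text in extract_strings(blob, min_len):
        for name, rx in RULES.items():
            if rx.search(text):
                findings.append((offset, name, text))
    return findings


if __name__ == "__main__":
    # To review a real image, read it with open(path, "rb").read() instead.
    for offset, rule, text in triage(SAMPLE_FIRMWARE):
        print(f"0x{offset:06x}  {rule:<22} {text}")
```

The offsets let a reviewer jump to the matching location in a hex viewer or disassembler to confirm whether a flagged string is a live credential or inert data.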

4. Clear reporting and security recommendations

As part of a comprehensive pen testing strategy, the hacker will also assess the effectiveness of existing security measures within the organisation. 

For IoT security, they’ll assess the encryption implementation for data both in transit and at rest; check the effectiveness of authentication and authorisation mechanisms; and verify that firmware update processes are working effectively. 

Then your pen testing operation will move into the reporting stage. The ethical hacker will put together a detailed report that covers all their findings, and they’ll develop a set of recommendations for actions that would improve your IoT security. 

5. Expand communications outwards 

When internal reporting is complete, it’s really valuable both for your organisation, and for your wider industry and the security community in general, to communicate beyond your own team.

You might share communication responsibilities with your pen tester, or they might handle some or all of the external comms for you. Either way, you might: 

  • Report any discovered vulnerabilities to IoT device manufacturers.
  • Distribute some of your findings to open-source communities, manufacturers, or security associations to support the development of IoT security standards and guidelines.
  • Share discoveries, insights, and ideas for best practices with the ethical hacking community. 

When you bring an ethical hacker in to evaluate your IoT security, they’ll systematically assess your current position and guide you towards critical improvements. 
