IoT/SCADA Pentest

The term Internet of Things (IoT) refers to the use of standard Internet protocols for human-to-thing or thing-to-thing communication in embedded networks. An IoT network is one in which devices, vehicles, buildings and other items are fitted with electronics, software, sensors and network connectivity, enabling these objects to collect and exchange data and, more generally, to communicate. The IoT concept already applies to many sectors:

  • Smart Home
  • Smart Cities
  • Medical & Healthcare
  • Industrial Control Systems & Industry 4.0
  • Energy
  • Wearables
  • Automotive

SpearIT provides IoT penetration testing services aligned with the OWASP IoT project.


1. Scoping

During this phase, an operational environment is discussed and established with the help of written/verbal communication & scoping questionnaires, defining:

  • Legal/compliance obligations related to pentesting activities
  • Organizational cybersecurity needs
  • Which assets of the organization are to be tested and which are excluded
  • Allowed types of attacks
  • Testing period and timezones
  • Means of communication


2. Attack Surface Mapping

A detailed architecture diagram of the IoT infrastructure is constructed, highlighting all the possible entry points an adversary could use to penetrate it. Active & passive OSINT (Open Source Intelligence) techniques are used in combination with neutral observation in order to collect as much information as possible about the targets to be tested. The more information is collected, the more attack vectors can be crafted.

3. Binary & Firmware Analysis

The firmware residing inside the IoT devices, as well as any companion / utility software, is reverse engineered to discover potentially sensitive information. You need to hand over the devices to our analysts for a specified period of time, in order to perform:

  • Decompilation of application binaries
  • Reverse engineering of firmware binaries
  • Analysis of encryption & obfuscation techniques
  • Analysis of the 3rd-party libraries used


4. Hardware & Software Exploitation

The main exploitation activities aim to take control of the IoT device(s) and perform a PoC-manipulation of the services the IoT network provides. These actions include:

  • Assessing hardware communication / interconnection protocols
  • Tamper-protection mechanisms
  • Fuzzing & side-channel attacks
  • Assessment & exploitation of wireless protocols
  • Attacking protocol specific vulnerabilities
  • Web application & API (hosted or cloud) vulnerability exploitation (incl. OWASP Top10)
  • Desktop application vulnerability exploitation

5. Reporting

Reports are a crucial step in a penetration testing engagement: they are the cornerstone deliverable, providing meaningful insights into the security posture of your organization along with remediation recommendations for each detected risk. Our reports are built upon the following elements:

  • Executive summary for the management board and C-level executives
  • Intelligence report for mid-level roles
  • Detailed technical report on the findings
  • Prioritized risk-based reporting
  • Traceability steps for each finding (traceID ™)
  • Security readiness badge (SpearBadge ™)
  • Remediation recommendations

6. Mitigation Verification

SpearIT can additionally offer mitigation verification services, executed after delivery of the penetration test report, to ensure the continuous and proper security readiness of your organization against known threats. The verification procedure aims to confirm that the proposed mitigation measures have been implemented properly, and to detect any new vulnerability that may arise from the reconfiguration activities typically carried out as part of mitigation.

Ready to assess your IoT/SCADA infrastructure?

Contact Us!
