IoT Penetration Testing

Depending on what industry you are in -

  • Smart Home Automation
  • Medical / Healthcare 
  • Industrial Control Systems 
  • Wearable 
  • Energy/Utility 
  • Automotive
  • Retail  
  • Enterprise IoT 

Attify can provide tailored penetration testing services that fulfill your requirements.

Attify's specialized subject-matter experts will help uncover vulnerabilities in your product which you would typically miss in your testing. 



As early as possible.

However, Attify can work with you at all the different stages of your product life cycle:

  1. Planning and pre-development phase
    1. Helping you design a secure architecture 
    2. Integrating continuous IoT security testing in your DevOps cycle 
    3. Recommending best practices for the developers to follow
  2. During development
    1. Iteratively assess your solution for security issues 
    2. Continuous Secure code review 
    3. Involving security as part of an automated process
  3. Post-development and post-shipping
    1. Conducting pentests for all major releases   
    2. Managing the security program and interacting with external researchers 
    3. Patch management and security updates recommendations


Our approach to pentesting

Attify offers a complete security assessment and penetration testing through our unique offering of Attacker Simulated Exploitation for IoT solutions.

This involves our security researchers compromising your system and devices with an attacker’s mindset, thus revealing any possible security holes that might lead to a security breach of your IoT device. 

Even though devices in most cases share similar types of vulnerabilities, we often devote our time to unique ways of exploitation, such as combining two less critical vulnerabilities to result in a major compromise.



Attify is extremely selective in deciding whom to work with, and we only work with clients to whom we believe we can provide enormous value.

This is why the initial call is important. Some of the topics that we cover during the call are - 

  • Scope of the penetration testing engagement
  • Your biggest fears regarding the security of your solution
  • Your organization's current security posture
  • Our penetration testing methodology for your product
  • Expected time duration and financials

Since each company is unique, we want to serve you in the most unique way possible which gets you the best results, instead of serving a generalized pentest offering.   


What kind of companies do we work with?

We work with all kinds of companies, the most common being VC-backed startups and businesses entering the IoT space.

We like working with organizations where security is given importance rather than just being a mandate. 



Reach out to us using the contact form below.

We have decided to make our pricing for the engagements transparent, so that we can focus on the engagement instead of spending time negotiating back and forth.


Components involved 

A typical IoT penetration test (Attacker Simulated Exploitation) would involve the following components:

  • Attack Surface Mapping
    • Our entire team spends 1-2 days performing an in-depth Attack Surface Map of your solution.
    • In this stage, we prepare a highly detailed architecture diagram highlighting all the possible entry points for a dedicated malicious attacker.
  • Firmware reverse engineering and binary exploitation
    • Reverse engineering firmware binaries
    • Encryption analysis and Obfuscation techniques in use
    • 3rd party libraries and SDKs
    • Binary reverse engineering and exploitation
    • Debugging binaries to gain sensitive info 
  • Hardware based exploitation
    • Assessing hardware communication protocols such as UART, SPI, I2C etc.
    • JTAG debugging and exploitation
    • Logic sniffing and bus tampering
    • Dumping sensitive information and firmware 
    • Proprietary communication protocol reversing 
    • Tampering protection mechanisms
    • Glitching and Side-Channel attacks
    • Security features included in the hardware 
  • Web, Mobile and Cloud vulnerabilities
    • Vulnerabilities in the web dashboard - XSS, Injection based attacks, IDOR, Authorization and Authentication bugs and more 
    • Mobile application security issues identification and exploitation for Android and iOS - Platform related security issues, App reversing, Binary instrumentation techniques to gain sensitive information etc.
    • API based security issues 
    • Cloud-based vulnerabilities and vulnerabilities in the backend systems
  • Radio security analysis
    • Assessment of radio communication protocols
    • Sniffing the radio packets being transmitted and received
    • Modifying and replaying the packets for device takeover attacks
    • Jamming based attacks
    • Accessing the encryption key through various techniques  
    • Radio communication reversing for proprietary protocols 
    • Attacking protocol specific vulnerabilities
    • Exploiting communication protocols such as BLE, ZigBee, 6LoWPAN, Z-Wave, LoRa etc. through insecurities and vulnerable implementations
  • PII data security analysis (optional) 
    • Ensuring that customers' data is kept to the highest security standards
    • Ensuring that no PII is being leaked through any channels - web, mobile, hardware or radio
    • Additional assessment of data-at-rest and data-in-transit
    • Providing you with a PII report 
  • Report preparation
    • Preparing an in-depth report including technical details, a non-technical summary and an executive summary
    • Providing you with all the scripts, Proof of Concepts, exploitation techniques, demos or code snippets that were created during the engagement 
    • Categorizing the vulnerabilities based on criticality for your given product and user use-case scenario  
  • Re-assessment
    • Once the bugs have been patched, we perform an in-depth reassessment to ensure that the bugs have been fixed securely
    • Also checking that the patches did not introduce any additional vulnerabilities


Attify provides you with an IoT Secure Product certification after the completion of the reassessment, which signifies that a thorough penetration test was performed by Attify and the product is now secure.


Want to know how an attacker can compromise your IoT product?

We'll tell you how, and help you fix the security issues to create a safer and more secure product which your users would love.



IoT Pentest



  • Delivered by Attify's Pentesters
  • In-depth Assessment guaranteed
  • Detailed Report with POCs
  • Recommendations and Mitigations
  • 1 Free Reassessment w/ Report
Manual + Automated

Notes on the pricing:

  • You will need to ship the devices to us at least 6 days before the engagement start date 
  • A technical member of your team will need to attend the on-boarding call
  • The exact number of days will be decided after discussing the project specifics 
  • Additional collaboration is possible to strengthen the security of the application post-pentesting 
  • The pentesting can be performed both pre-release and post-release of the solution