Doing the IOT Penetration Testing - The right Way! A few secrets that nobody tells you about IoT penetration testing…
Yogesh Ojha/Tata Consultancy Service
As IoT becomes more integral to our lives, the need to secure them grows. One thing the security industry is not talking very often is - IoT security. We talk very often about application security but very rarely, we talk about security in Hardware or in particular security in IoT. With application security, you as a penetration tester is confronted with a Windows or a Linux server, or a web application or even a TCP/UDP protocols. However, with IoT penetration testing, you have very uncommon architectures like ARM, PowerPC, MIPS, etc. Sometimes, you are even confronted with communication protocols like ZigBee, BLE, NFC, RFID, etc. and to make it more complex; many times hardware device manufacturers do have their custom RF frequencies. These require new expertise and several toolsets that are very uncommon. It is no wonder that traditional penetration testers can get completely lost in the world of embedded devices security and their protocols.
This talk is going to be a helpful resource to help you become IoT Penetration tester.