IoT environments audits

Connected objects and the Internet of Things

Networks of highly connected objects are flooding the business world. In a report from May 2019, Strategy Analytics predicts that over 38 billion objects will be connected by 2025. This is why, at AlgoSecure, we have taken the lead on this technological breakthrough: on the one hand, by participating in research on the security of connected objects, and on the other hand, by offering audit services for connected objects and IoT environments.

Audit of connected objects

The first part of the audit evaluates the physical security of the object, while the second part evaluates its software security.

  • In the physical or hardware audit, we identify the components that could provide access to the object's administration and/or data. We use reverse-engineering techniques that are either invasive (direct access to electronic components) or based on side channels (power consumption, radio signal, temperature...).
  • In the software audit, we identify vulnerabilities or information leaks that allow an attacker to take control of the object or access sensitive information. Several reverse-engineering techniques are used for this audit, such as memory or firmware extraction, data corruption, buffer overflow, etc.


IoT environments audits

Auditing networks of connected objects allows us to evaluate the security of communications between objects. We focus on the protocol(s) deployed and the role of each object in the network.

  1. To do this, we take a passive approach based on listening to and intercepting communications (eavesdropping and sniffing).
  2. We analyze these traffic captures to identify vulnerabilities that allow an attacker to manipulate the data being transmitted.
  3. Then we test the security of the network against traffic injection from an object under our control (grey box) or from outside the network (black box).
  4. Finally, we propose a model of the network that highlights the critical objects requiring a higher level of security.

Audit of connected object management interfaces

The approach we use depends on the targeted management interface.

When the network of connected objects is controlled from a mobile application, we use the approach of a mobile application audit. However, if the network is monitored from the cloud, we take the approach of a web application audit.
