Connected objects and the Internet of Things
Connected objects occupy a growing place in the information systems of companies and communities, and their number is expected to exceed 29 billion by 2027 (source: IoT Analytics, 2024). This evolution raises major cybersecurity challenges. According to a report published by ENISA (European Agency for Cybersecurity), the diversity and sophistication of attacks targeting IoT devices (particularly in critical domains like health, energy, or transport) are constantly increasing. The growing integration of embedded artificial intelligence (Edge AI) and local data processing further reinforces the complexity of threats. In the absence of security by design, these objects often become the weak link of the system.Audit of connected objects
A first part of the audit evaluates the physical security of the object, while a second part evaluates the software security of the object
- In the physical or hardware audit, we identify the components that could provide access to the object's administration and/or data. We use techniques of reverse-engineering considered as invasive (direct access to electronic components) or by side channels (power consumption, radio signal, temperature...).
- In the software or software audit, we identify vulnerabilities or information leakages allowing an attacker to take control of the object or access sensitive information. Several techniques of reverse-engineering are used for this audit, such as memory or firmware extraction, data corruption, buffer overflow, etc.
IoT environments audits
Auditing networks of connected objects allows us to evaluate the security of communications between objects. We focus on the protocol(s) deployed and the role of each object in the network.
- To do this, we have a passive approach based on listening and intercepting communications (eavesdropping and sniffing).
- We are analyzing these traffic captures to identify vulnerabilities that allow an attacker to manipulate the data being transmitted.
- Then we test the security of the network against traffic injection from an object under our control (grey box) or outside the network (black box).
- Finally, we propose a network modeling to highlight critical objects requiring a higher level of security.
Audit of connected object management interfaces
Depending on the targeted management interface, the approach used will be different.
Indeed, when the network of connected objects is controlled from a mobile application, we will use the approach of a mobile application audit. However, if the network monitoring is done from the cloud, we will take the approach of a web application audit.
Other pages that might interest you :
Industrial systems audits
We audit your industrial control systems from the security policy and network isolation point of view.
Security audits and pentests
We audit your information systems to reveal vulnerabilities: these are our penetration testing engagements.
Reverse engineering
We reverse-engineer software in order to understand their modus operandi an try to divert them from it.
Contact : 04 26 78 24 86 | Follow us on 
Specialists in information security and pentest in Lyon, Paris, Saint-Etienne and throughout France
You've enabled "Do Not Track" in your browser, we respect that choice and don't track your visit on our website.