The term “Internet of Things (IoT)” has become an integral part of our professional and private lives in recent years. “Things” are network-connected products (“smart devices”) that are being used more and more frequently in business, industrial and private environments. Examples include smart home components, IP surveillance cameras, and network-attached drilling tools with automatic wear compensation. Consequently, IoT devices cannot function without a network connection.
However, this connection inevitably raises the question: Is the whole construct behind it also secure, for example, against cyber attacks? One thing is certain: during development, not only the functions but also the IT security must be considered through testing. Comprehensive IoT penetration tests can become a cost driver, especially for SMEs. The scenario-based approach for efficient security testing of IoT devices outlined here defines a focused scope of testing in five steps. Manufacturers can thus use a prioritisation matrix to apply a budget- and security-conscious approach when conducting IoT penetration tests.
Penetration tests are often performed comprehensively to find as many potential vulnerabilities as possible. In contrast to this “broad” method, the concept presented here takes a more “focused” approach. Inspired by the IT basic protection methodology (IT-Grundschutz-Methodik) of the German Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik, BSI), the scenario-based IoT penetration test is intended to provide a “core safeguard”. The following applies to all sub-steps: it is recommended to follow the suggested sequence. However, it is possible to jump forward or backward from an analysis step.
The first step deals with the question of what can happen in the worst case: The IoT device has a vulnerability in its primary functions, which is exploited.
An example: A hacker manages to compromise an IP surveillance camera and thereby intrudes on the privacy of an apartment or, in a business environment, deliberately switches off the camera.
Step two focuses on the attacker's approach. This also brings the subcomponents and interfaces of the IoT product into focus. If we stay with the “surveillance camera is manipulated remotely” scenario, the worst case could occur in the following ways:
This would already identify central points of the focused test list:
The third step sheds light on which attack paths have a high probability of being targeted by a hacker and should therefore be prioritised for IoT penetration testing. Guiding questions can be:
Based on these questions, you can determine, for example, that in the case of the surveillance camera, an attack via the Internet on the web interface is very likely.
Step four shifts focus towards the subcomponents and interfaces that enable various functions of the IoT device. Examples of a “typical” set-up for IoT devices are:
In step five, a focused plan for the penetration test of the IoT device emerges. A matrix (see figure) serves as orientation and shows, among other things, the following:
In the context of an IoT penetration test for the IP surveillance camera, for example, the focus would be on the access to the web application via the Internet. In conclusion, regardless of whether a device is fully tested for security or “only” in a focused and scenario-based manner, IoT penetration tests should become a natural and integral part of every development process in the near future.
Further information on the topic can be found here: “Erlijn van Genuchten und Oliver Grasmück, IoT-Geräte gezielt absichern, in: A. Sowa (Hrsg.), IT-Prüfung, Datenschutzaudit und Kennzahlen für die Sicherheit, Springer Vieweg: 2020”.