Penetration Testing of Mobile IoT apps and Smart Security Cameras

Industry: Software products

Technologies: Other

Customer

The Customer is a US-based IoT provider whose market offer includes a proprietary IoT development platform and a wide range of IoT smart devices. Among their key clients are Schneider Electric, Philips, and Lenovo.

Challenge

The Customer wanted to make sure that their products – 2 types of security cameras as well as iOS and Android apps enabling the remote control of IoT devices – had no security vulnerabilities. They specifically wanted to confirm that when both the apps and the cameras connect to the AWS cloud, all the data traffic is communicated via the US servers only, thus excluding the risks of data leaks to other countries.

Solution

The Customer turned to ScienceSoft to run penetration testing using black box and gray box offender models. ScienceSoft assembled a team of a project manager, 2 penetration testing engineers, and a senior security testing engineer. The team performed comprehensive penetration testing in accordance with the best practices and recommendations from the OWASP Mobile Testing Guide, NIST 800-86, and NIST 800-115.

While the penetration tests confirmed that the IoT apps and security cameras communicated with the AWS cloud solely via the US servers, they also uncovered some minor vulnerabilities in the Customer’s software and smart devices. The threat classification that ScienceSoft’s testing engineers used in the final test protocol was based on the Common Vulnerability Scoring System (CVSS) and the OWASP Mobile Top 10.

The team completed penetration testing in just 5 working days.

Results

ScienceSoft delivered the final report listing the minor vulnerabilities found and recommendations on how to handle them. As the overall security level of the apps and devices was estimated as quite high, the Customer could confidently continue to provide their services.

Technologies and Tools

Wireshark, Nessus, tcpdump, Burp Suite, Nmap, Mobile Security Framework (MobSF), custom scripts (based on Python, C, and Perl) to exploit vulnerabilities.
