
Penetration Testing of Mobile IoT apps and Smart Security Cameras
Customer
The Customer is a US-based IoT provider whose market offer includes a proprietary IoT development platform and a wide range of IoT smart devices. Among their key clients are Schneider Electric, Philips, and Lenovo.
Challenge
The Customer wanted to make sure that their products – 2 types of security cameras as well as iOS and Android apps enabling the remote control of IoT devices – had no security vulnerabilities. They specifically wanted to confirm that when both the apps and the cameras connect to the AWS cloud, all the data traffic is communicated via the US servers only, thus excluding the risks of data leaks to other countries.
Solution
The Customer turned to ScienceSoft to run penetration testing using black box and gray box attacker models. ScienceSoft assembled a team of a project manager, 2 penetration testing engineers, and a senior security testing engineer. The team performed comprehensive penetration testing in accordance with the best practices and recommendations from the OWASP Mobile Testing Guide, NIST 800-86, and NIST 800-115.
While the penetration tests confirmed that the IoT apps and security cameras communicated with the AWS cloud solely via the US servers, they also uncovered some minor vulnerabilities in the Customer’s software and smart devices. The threat classification that ScienceSoft’s testing engineers used in the final test protocol was based on the Common Vulnerability Scoring System (CVSS) and the OWASP Mobile Top 10.
The team completed penetration testing in just 5 working days.
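The geographic check described above, that every cloud connection from the apps and cameras terminates in a US AWS region, can be reproduced from a traffic capture by resolving each destination IP against AWS's published ip-ranges.json. The script below is an added example, not ScienceSoft's or the Customer's code; the prefixes in the embedded JSON excerpt and the flow records are constructed for the example, and a real audit would load the live ip-ranges.json and the flows exported from tcpdump or Wireshark.

```python
import ipaddress
import json
from collections import defaultdict

# Constructed excerpt in the shape of AWS's published ip-ranges.json
# (https://ip-ranges.amazonaws.com/ip-ranges.json); the prefixes are made up.
AWS_IP_RANGES_JSON = """{"prefixes": [
  {"ip_prefix": "198.51.100.0/24", "region": "us-east-1", "service": "AMAZON"},
  {"ip_prefix": "203.0.113.0/25", "region": "us-west-2", "service": "AMAZON"},
  {"ip_prefix": "203.0.113.128/25", "region": "eu-west-1", "service": "AMAZON"}
]}"""

# Constructed flow records (source IP, destination IP, destination port),
# as extracted from a tcpdump capture or a Wireshark conversation export.
SAMPLE_FLOWS = [
    ("10.0.0.5", "198.51.100.17", 443),   # camera -> us-east-1
    ("10.0.0.7", "203.0.113.9", 8883),    # app -> us-west-2 (MQTT over TLS)
    ("10.0.0.7", "203.0.113.200", 443),   # app -> eu-west-1: outside the US
    ("10.0.0.5", "192.0.2.44", 123),      # non-AWS destination, needs review
]

ALLOWED_REGION_PREFIX = "us-"   # names of AWS regions in the US start with "us-"


def load_aws_networks(raw_json):
    """Parse ip-ranges.json into (network, region) pairs."""
    return [(ipaddress.ip_network(p["ip_prefix"]), p["region"])
            for p in json.loads(raw_json)["prefixes"]]


def classify_destination(dst_ip, networks):
    """Return the AWS region owning dst_ip, or None for a non-AWS address."""
    addr = ipaddress.ip_address(dst_ip)
    return next((region for net, region in networks if addr in net), None)


def audit_flows(flows, networks, allowed_prefix=ALLOWED_REGION_PREFIX):
    """Group flows by region; list AWS flows that leave the allowed regions."""
    by_region, violations = defaultdict(list), []
    for src, dst, port in flows:
        region = classify_destination(dst, networks) or "non-aws"
        by_region[region].append((src, dst, port))
        if region != "non-aws" and not region.startswith(allowed_prefix):
            violations.append((src, dst, port, region))
    return dict(by_region), violations
```

Prefixes that the real file tags as "GLOBAL" (edge services such as CloudFront) carry no region and would be reported as violations here, so review them by hand. Destination IP is only a proxy for data location; pair this with the TLS SNI and DNS names seen in the capture and with the non-AWS bucket, which the script deliberately leaves for review.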
Results
ScienceSoft delivered the final report listing the minor vulnerabilities found and recommendations on how to remediate them. As the overall security level of the apps and devices was estimated as quite high, the Customer could confidently continue to provide their services.
Technologies and Tools
Wireshark, Nessus, tcpdump, Burp Suite, Nmap, Mobile Security Framework (MobSF), custom scripts (based on Python, C, and Perl) to exploit vulnerabilities.