IoT Penetration Test

Is your device secure?
We provide answers!

IoT Penetration Test Logo

Discover Vulnerabilities!

You are developing a connected device and want to know if it is secure?

Discover the weaknesses of your embedded device with the IoT penetration test. Whether it is a smart home product, a mobile health monitor or an networked industrial control system, we can test it.

As professional attackers, we test your device in a comprehensive pentetration test.

Know the weaknesses of your device before any attacker!

Contact us!

About us

Approved laboratory

The quality of our IoT penetration testing is demonstrated not only by our years of expertise but our professional competence is recognized by the german Federal Office for Security in Information Technology. As one of a few laboratories we are certified to examine IoT devices within the scope of the Beschleunigte Sicherheitszertifizierung (Accelerated Security Certification) and recommend the certification of devices.

Convinced customers

Our customers have trusted us for years. Siemens AG has been a loyal customer since 2016. In dozens of IoT penetration tests, we were able to identify numerous vulnerabilities, that could be fixed before market launch.

The german Federal Office for Information Security has had network protocols and IoT devices examined by us for years.

Protect your device and brand!

If a security vulnerability in your device is published, fast response is required. You must develop a patch and distribute it to your customers in the shortest possible time. This generates considerable effort for you and your customers!

Customer trust in your device and your brand is damaged.

Contact us!

Our principles

Individual approach

Whether it’s a networked surveillance camera, a smart TV or router: The individuality of embedded systems is also evident in their information technology. This includes the specifics of the hardware platform and operating system, the individual web interface, product-specific communication protocols and physical protection measures.

Our IoT penetration test is therefore tailored to your device!

Established standards

For us, individuality does not mean waiving established procedures and standards.

The OWASP Web Security Testing Guides, the Technical guidelines of the BSI and the Common Vulnerability Scoring System (CVSS), as well as other established standards, are guidelines for us.

Our IoT penetration test uses industry standards and guarantees a consistently high quality!

Natural instead of artificial intelligence

Have you heard about the NSA firing hackers en masse? No? Neither have we. A competent attacker cannot be replaced by an algorithm!

Of course, We do use tools to increase the efficiency of our IoT-penetrationtest. However, automated tests do not provide an in depth analysis of devices. This requires the skills and knowledge of experienced pentesters.

Our IoT penetration test is therefore based on the expertise and experience of our pentesters!

Customer-oriented work

Our IoT penetration test shall improve the security of your device. To achieve this you will receive a comprehensive investigation report.

This report is aimed at both the product managers and the developers of the device. It describes the weaknesses of your device in a comprehensible way and evaluates the associated risks in a factual and practical manner.

Our IoT penetration test will show you how to protect your device in a digital world.

Contact us!

Our approach

Kick-off meeting and requirements analysis

The target of the IoT penetration test is your device. For this we answer together questions such as:

  • What is particularly worth protecting and what are the worst-case scenarios?
  • What attacker do you want to protect against? Does the attacker have physical access? Is he an insider?
  • What attack surface does your product offer? What interfaces does it provide and how does it communicate?

The focus of the requirements analysis are the protection objectives, i.e. the requirements that you place on the IT security of your device. If your device is an industrial control system, uninterrupted operation is high priority. If you want to protect your intellectual property it is important that an attacker cannot read the firmware from the device. A smart home device, on the other hand, must protect personal data by means of encrypted transmission.

You may already know the protection objectives of your device very well. Otherwise, we will determine them together with you. A simple approach might be the question: What are the worst-case scenarios when an IT attack is launched on your device?

In the penetration test we will try to violate these protection objectives of your device. To do this optimally, we need an attacker model. In this model, you describe the essential properties of the attacker you want to protect against.

Does the attacker have physical access to your device or can he only access it via a network? In the case of an e-charging station installed in public places physical access is possible. However, a router is operated in an access-restricted environment. It is therefore inaccessible to the attacker and physical security is not relevant.

Complex devices often support a role concept. Here, the strict separation of roles is important for the security of your device. Can a guest user really only view data or can he perhaps also change its configuration?

In this way, you give our IoT penetration test a clear and individual direction.

In addition, the attack surface of your device is also an important part of the requirements analysis. This includes in particular technical questions about interfaces and communication.

Sighting of the device (optional)

You don’t know the attack surface of your device in detail, e.g. because it uses a white label solution? No problem! In this case we inspect your device in advance. This will save time and you will receive a suitable offer for our IoT penetration test of your device.

The purchase of a device in the form of a white label solution is just one example. It is also possible that individual parts come from a third-party. For example, radio communication modules, where the exact specification is not known to you.

In these cases, it is useful to preview your device. Here we obtain an overview of its technical interfaces: Starting from the network services via the web interface up to the radio communication. Without you delving deeply into technical issues, we can provide you with a quote.

Search for vulnerabilities

We systematically analyze your device for weak aspects. We examine the architecture as well as communication and interface security.

Typical priorities here are:

  • logical and design flaws,
  • the encryption and tamper protection of the communication,
  • the secure identification of the communication partner (authentication) and
  • the detection of security-relevant programming errors.

If requested, we can also examine the physical security of your device.

Out IoT penetration test divides the security aspects of your device into four categories.

Communication security

Your device communicates with other systems. This communication must be encrypted and tamper-proof. This applies especially to the exchange of data via the Internet. But also the radio communication of your device is often security-critical. If a door lock can be opened by replaying a message (replay attack), building security is not ensured.

With the IoT penetration test, we therefore critically check whether your device actually complies with the state of the art. For this purpose, we use established procedures such as the Technical Guidelines of the german Federal Office for Security in Information Technology.

Interface security

An attacker, however, can not only access the communication of your device, but also directly access its interfaces and exploit vulnerabilities there. Common vulnerabilities are incorrect identification of the communication peer (authentication) or unintentionally granted rights (authorization). Other vulnerabilities allow the attacker to permanently disrupt the functionality of your device or even to take over complete control of the device.

To test this, our IoT penetration test makes use of established procedures such as the OWASP Testing Guide. The many years of experience of our pentesters also allows us to examine unknown and proprietary protocols.


In the architecture analysis we examine at the internal data exchanges of your device. For this purpose, we determine communication relationships and trust bounderies between individual software components. Thus we systematically identify weak points in the design.

Physical security

If the physical security of your device is relevant, this will also be considered. For example, an attacker could gain access to your device via USB or developer interfaces (e.g. UART or JTAG) which are not properly disabled. This way, he can deposit malicious code, permanently alter the functionality and integrate your device into a botnet.

Proof of vulnerability

Whether a vulnerability can actually be exploited is important for your risk assessment.

Our IoT penetration test therefore clearly shows whether and how vulnerabilities are actually exploitable. Your developers will be able to reproduce the vulnerabilites and you know what conditions are are necessary to exploit the vulnerability.

Risk assessment

To enable you to react appropriately to the vulnerabilities found, we assess their damage potential objectively and realistically. This includes an evaluation using the Common Vulnerability Scoring System (CVSS).

Our assessment enables you to take effective and economical countermeasures.


We summarize the results in a written report and are open for questions. The report includes a management summary, which provides an overview of the vulnerabilities found and the general level of security, without having to deal with the technical details. Your developers can reproduce and fix all vulnerabilities based on our detailed description.

For each vulnerability, the report includes:

  • A brief summary, which may be understood even without in-depth technical knowledge
  • Necessary preconditions for the attacker to exploit the vulnerability
  • A realistic assessment of the potential damage
  • A technical description that allows your developers to easily reproduce it

Upon request, we can also provide recommendations how to fix the vulnerability. In addition, we can evaluate the security architecture and the resilience of your device.

Further support

After the actual IoT penetration test, you can continue to use our services. We will answer any questions regarding the IoT penetration test and can provide accompanying advice and support concerning your device. We are IT security experts who have become specialists in your product.


Do you have questions about IoT penetration testing? Send us an e-mail and arrange a non-binding information meeting right away!

  • OpenSource Security GmbH
    Am Bahnhof 3-5
    48565 Steinfurt
  • Beschwerden/Complaints
  • +49 (0)2552 / 927009-0
  • +49 (0)2552 / 927009-9
  • Prüfstelle BSI-APS-9058
  • Geschäftsführer: Ralf Spenneberg, Hendrik Schwartke
  • Ust.-Id.Nr.: DE 815 773 501
  • Registergericht: Amtsgericht Steinfurt, HRB 12044
  • Inhaltlich Verantwortlicher gemäß §6 MDStV: Ralf Spenneberg
  • Privacy Information