IoT Product Penetration Testing

IoT Product Penetration Testing

Onsite Anywhere Across the USA

6+ Months

Job Description:

• Perform OSINT against the target device, such as reviewing the vendor website or FCC filing information
• Analyze network services listening on the system
• Identify external I/O ports on the device (USB, Ethernet, etc.)
• Safe device disassembly, and familiar with tamper-evident controls
• Identify internal I/O ports on the device (UART, JTAG, etc. on the PCB)
• Identify internal chips on the PCB (CPU, RAM, flash memory, radios, etc.)
• Interface with low-level communications (UART, JTAG, SPI, I2C, etc.)
• Acquire/extract and analyze firmware packages
• Identify hard-coded credentials on the system
• Understanding of Secure Boot and firmware signing
• Analyze the device boot sequence, interrupt the boot process, and change boot parameters or boot external media
• Conduct network Man-in-the-Middle attacks to analyze inbound/outbound communications
• SSL validation attacks (improper certificate validation, etc.)
• Analyze and attack 802.11 WiFi and BLE communications
• Privilege escalation techniques on the device OS
• Chain vulnerabilities together to show impact of a compromised device to the client
• Document the findings observed, attack scenarios performed, and associated risks
• Consultant must have their own tools/hardware for these skills; we do not have any extras that we can loan out

These skills would be bonus, but not required:

• Familiar with modern DMA attacks (via PCI, M.2, etc.)
• Experience with TPM and attacks against Full Disk Encryption
• Familiar with reverse engineering of embedded binaries
• Familiar with WebApp API testing
• Familiar with ZigBee wireless communications and attacks
• Experience interfacing with CAN-BUS networks
• Ability to solder, analyze UART and JTAG lines, and repair removed functionality (UART, JTAG, etc.)
• Ability to remove ICs from the PCB and interface with them directly (CPU, flash memory, etc.)