Contact Us

Tel. (415) 294-0482


  • github
  • Twitter

Internet of Things (IoT)

The process of penetration testing IoT (Internet of Things) devices is unique and easy to overlook. Embedded components, non-standard firmware, and unique radio communications all increase the complexity of IoT device security. Despite new security challenges, there has been an exponential rise in embedded devices. IoT devices are found in enterprise, homes, or office environments.


BC Security provides advanced IoT pentesting services to identify these risks and prevent your device from being used against you – or your customers.

What is the Internet of Things?

The Internet of Things refers to the global collective of internet-facing embedded devices. These devices contain various sensors, actuators, and electronic components that interface with web-based applications and cloud environments. They are security cameras, alarm systems, thermostats, door locks, and vehicle technologies that are embedded into everyday items. With the expansion of IoT, we’re seeing a new wave of great accessibility benefits and impending security concerns.


Test for IoT Security Vulnerabilities

Full-stack IoT penetration testing services, ranging from smart medical devices to security systems and locks. Our services go beyond surface level inspection, reverse-engineering the hardware components for dumping firmware and other critical modules. By revealing security vulnerabilities before attackers can take advantage of them, we can mitigate risk that comes with new technology.


We approach this by studying cryptographic protections and communication methods the device uses to connect to the internet, manipulating the application and endpoint services.


Hardware Assessment

Each assessment begins with the devices that make up the IoT system. We carefully reverse-engineer and disassemble these devices, mapping out components and uncovering hardware related vulnerabilities.


Software Assessment

The software component of IoT testing consists of both the device firmware (either provided by the client or extracted in the hardware process) and the associated backend applications or Application Programming Interfaces (APIs). Reverse-engineering the firmware can reveal sensitive information that can be used in revealing hardcoded encryption keys or exposing your customers' Personal Identifiable Information (PII).

How can we help?