IoT Software Security

The Internet of Things (IoT) is revolutionizing our daily lives, yet it also introduces significant cybersecurity challenges. The threats include device hacking, data breaches, botnet takeovers, and supply chain attacks. A strong secure software development lifecycle is essential to delivering secure smart devices and protecting businesses from operational disruption, regulatory penalties, safety concerns and financial loss.

Doyensec specializes in IoT software security, covering everything from device firmware to the cloud components that enable connectivity and management. When the security of the underlying hardware needs testing, we partner with the best in the industry to provide comprehensive IoT security audits, ensuring your connected devices, networks, and ecosystems are all resilient to attack.
  • Resilience For Smart Devices

    We specialize in securing device software at each layer of the stack.

    Our team has analyzed routers, speakers, 3D printers, drones and many other types of connected devices.

    From C/C++ to the latest web frameworks in use within smart devices, Doyensec identifies vulnerabilities and misconfigurations in operating systems and applications. Doyensec can also determine whether the firmware can be extracted by attackers. Our approach covers everything from attacking the device communications and management processes, to accessing exposed JTAG/SWD debug interfaces, leveraging UART shells, and even dumping the firmware directly from flash chips.

    Once we've obtained the firmware, we begin our vulnerability research by identifying ways of instrumenting the device. Typical instrumentation techniques focus on intercepting network traffic, exploiting insecure functionality to execute custom code, and attaching software debuggers.

    Our advanced firmware analysis allows us to identify exposed credentials, insecure services, and capabilities an attacker could leverage against the device, and even to discover implanted backdoors. Additionally, our examination of the network protocols in use often uncovers insecure communication channels and deepens our understanding of the target's attack surface, including the APIs with which the devices communicate.

  • From firmware to web interfaces and cloud components

    Once we know the attack surface, our vulnerability research activities are focused on identifying exploitable remote and local vulnerabilities.

    Depending on the particular threat model, our analysis can extend to the data flowing to and from the cloud and to any other source of untrusted input. Data processing and other capabilities of the device are fully analyzed with a combination of techniques: decompilation, reverse engineering and fuzzing all play an important role in this part of the process. Our capabilities are not limited to uncovering vulnerabilities either. When requested, Doyensec can turn Proof-of-Concept (PoC) code into fully reliable exploits.

    When our clients need assistance with regulatory compliance and alignment to industry standards, they can rely on our analysis and in-depth understanding to help them meet all the necessary requirements. We can ensure adherence to ISO/IEC 27001, NIST IoT Cybersecurity Framework, and other industry-specific standards.

Firmware Integrity

  • Use of Outdated/Vulnerable Libraries
  • Presence of Backdoors
  • Hardcoded Credentials, Weak encryption, and Unsecured APIs
  • Dynamically Loading Untrusted Code
  • Running Unsigned Firmware Images
  • Running Firmware Images with Improper Signatures

Network & Communication

  • Insecure Device-to-Cloud and Device-to-Device Communications
  • Unencrypted Data in Transit
  • Use of Insecure Protocols
  • Ability to Perform Man-in-the-Middle (MITM)
  • Lack of Certificate Pinning
  • Insecure Radio and Infrared Communications
  • Susceptibility to Deauthentication Attacks
  • Weak WiFi Security Protocols
  • Insecure Remote Access
  • Overly Permissive Communications

Access Control & Authentication

  • Default Credentials
  • Weak Authentication Mechanisms
  • Privilege Escalation Risks
  • Brute-force Attacks
  • Unsecured Debug Interfaces
  • Bypassable Firmware Protection Mechanisms
  • Exposure of Sensitive Data in Logs or Memory
  • Replay and Relay Attack Vulnerabilities
  • Lack of Secure Boot Enforcement

Hardware Issues

  • Leaving Hardware Debugging Ports Accessible (e.g., JTAG)
  • Exposed Debug Interfaces
  • Insecure Bootloader Configurations
  • Side-Channel Attack Vulnerabilities
  • Lack of Secure Storage for Secrets
  • Poor Physical Tamper Resistance
  • Insecure Firmware Extraction Protections
  • Unprotected Peripheral Communication
  • Fault Injection Vulnerabilities

Data Protection

  • Insecure Storage of Sensitive Data
  • Failure to Encrypt Data Locally
  • Excessive Logging (locally and/or API)
  • Leaking Data in GET Requests (API-side)
  • Leaking Data to Third Parties
  • Insecure Data Transmission
  • Weak or Hardcoded Cryptographic Keys
  • Insecure Key Management
  • Exposure of Sensitive Data in Memory
  • Predictable or Weak Encryption Algorithms
  • Lack of Secure Wipe Mechanisms
  • Improper Access Controls on Sensitive Data
  • Lack of Firmware Integrity Protection

API Security

  • API vulnerabilities
  • Insecure OTA (Over-the-Air) Update APIs

Our Research Articles

Research is one of our founding principles and we invest in it heavily. All of our researchers have the privilege to use 25% of their time exclusively for self-directed research.
