IoT Security Testing DT IoT Hardware Ecosystem

IoT Security Testing

We are your partner for peace of mind!

Security and data privacy are key enablers for a viable IoT business. Our security testing services can help analyze, assess and qualify your security needs.

umlaut

IoT Hardware Security

Analysis Partner

Package Details

Product Information

SELECT

INCLUDES

Service delivered by umlaut:

Review of hardware layout and schematics regarding secure design
Verification of interface security: JTAG, SWD, USB, UART, SPI, CAN, I²C
Flash ROM, memory analysis
Glitching test

Device must be shipped to main security lab in Germany

BENEFITS

Analysis covers different device hardware security aspects

Pricing depends on IoT device complexity

umlaut

Source Code Security

Analysis Partner

Package Details

Product Information

SELECT

INCLUDES

Service delivered by umlaut:

Static analysis, defense in depth
Malware, backdoors, suspicious code, least privilege & access control
Input validation and data sanitization
Session and Memory management
Compiler options and warnings
Error handling and race conditions
Weak cryptography

BENEFITS

The analysis covers all important secure coding aspects

Pricing depends on source code size

DEKRA

Cybersecurity

Consultancy Partner

Package Details

Product Information

SELECT

INCLUDES

Service delivered by DEKRA:

Covers consultancy services prior to evaluation / certification
Includes assessment of security policies in place, gap analysis, vulnerabilities assessment, etc.
Applicable to concept, design, manufacturing, and debugging phases

BENEFITS

Ensure compliance with security requirements prior to start of an official evaluation or certification to enable a smooth process

DEKRA

Security Basic

Testing Partner

Package Details

Product Information

SELECT

INCLUDES

Service delivered by DEKRA:

Assessment of SW and HW vulnerabilities
Optional: Assessment of mobile app or website

BENEFITS

Entry-level security evaluation of IoT devices whose use cases require a low security assurance

DEKRA

Security Advanced

Testing Partner

Package Details

Product Information

SELECT

INCLUDES

Service delivered by DEKRA:

Penetration testing (partial) of SW and HW
Optional: Penetration testing of mobile app or website
Optional: Verification of OWASP API Top 10

BENEFITS

Advanced-level security evaluation of IoT devices whose use cases require a medium security assurance

DEKRA

Security Expert

Testing Partner

Package Details

Product Information

SELECT

INCLUDES

Service delivered by DEKRA:

Penetration testing (full) of SW, HW, mobile app or website
Evaluation of updating process
Evaluation of communications protocols
Optional: Verification of OWASP API Top 10

BENEFITS

Full-level security evaluation of IoT devices whose use cases require a high security assurance

DEKRA

Penetration Testing

Testing Partner

Package Details

Product Information

SELECT

INCLUDES

Service delivered by DEKRA:

Tailor-made penetration testing based on device features, product characteristics, etc.
Covers device (HW & FW), cloud/web services, mobile app
Three different approaches: White Box, Grey Box, Black Box

BENEFITS

Cybersecurity evaluation based on manufacturer requirements and processes

Certification requirements for CTIA, ETSI EN 303 645, NIST and/or ioXt Alliance (as needed)

Ensure compliance to security requirements beforehand to enable a smoother certification

umlaut

IoT Device Security Penetration

Testing Partner

Package Details

Product Information

SELECT

INCLUDES

Service delivered by umlaut:

Web application security of local WebUI
Man-in-the-middle, replay-based attacks
Privacy analysis (e.g. GDPR compliance)
Secure remote management and backend communication
Radio / WiFi / BT encryption & hardening
Analysis of third-party libraries and SDKs
Firmware reverse engineering

BENEFITS

The pentest covers all wireless, physical and logical interfaces as well as a software, firmware and privacy analysis

Pricing depends on IoT device complexity

umlaut

Mobile App Penetration

Testing Partner

Package Details

Product Information

SELECT

INCLUDES

Service delivered by umlaut:

Strong focus on security and privacy
Impersonation and authorization bypass
Privilege escalation and man-in-the-middle attacks
Authentication and backend communication
Reverse engineering
App storage, logging, cloning

BENEFITS

The pentest covers all important attack vectors of smartphone apps

umlaut

IoT APN Security

Testing Partner

Package Details

Product Information

SELECT

INCLUDES

Service delivered by umlaut:

Mobile-to-mobile communication
Service discovery from subscriber / SIM card perspective towards network
Abuse of the mobile data service to bypass charging
Verification if malicious UEs can send binary SMS towards remote subscribers

BENEFITS

Assesses mobile-to-mobile communication, core network reachability, charging bypass, and binary SMS

The testing covers all important attack vectors from SIM perspective

umlaut

Backend System Penetration

Testing Partner

Package Details

Product Information

SELECT

INCLUDES

Service delivered by umlaut:

Security scans, identification of available services
Firewall evasion techniques, vulnerability analysis
Intrusive exploitation and verification
Extensive brute-force tests
Horizontal and vertical privilege escalation
Web application penetration testing and OWASP TOP 10

BENEFITS

The pentest covers all important attack vectors of backend systems

HARMAN

Connected Healthcare Security

Consultancy Partner

Package Details

Product Information

SELECT

INCLUDES

Services delivered by HARMAN:

End-to-end testing for HIPAA, OWASP Top 10 for IoT
Risk analysis and mitigation
Remediation and security engineering services
GDPR compliance

BENEFITS

Assess vulnerabilities and personal data safety

HARMAN

IoT Security Managed Service

SaaS Partner

Package Details

Product Information

SELECT

INCLUDES

Service delivered by HARMAN:

IoT application & network monitoring
L1 and L2 technical support
Asset management SaaS
On-site service (Basic and Advanced)
Remote operational monitoring

BENEFITS

Proactive threat analysis and compliance monitoring

GDPR compliance

DEKRA

GSMA Cybersecurity

Testing Partner

Package Details

Product Information

SELECT

INCLUDES

Service delivered by DEKRA:

Support to perform and complete GSMA IoT Security Guidelines Assessment
Includes preparation of Checklist (CLP.17 document) for endpoints, services, and communication networks
Optional: Evaluation of compliance of GSMA Security Guidelines

BENEFITS

Compliance with applicable GSMA IoT Security Guidelines

DEKRA

ETSI EN 303 645

Testing Partner

Package Details

Product Information

SELECT

INCLUDES

Service delivered by DEKRA:

IoT security certification according to ETSI EN 303 645, 3 levels of evaluation:

Constrained device
Normal
Full

BENEFITS

Strongly recommended in the European Union from 2022 due to upcoming regulation

ETSI EN 303 645 evaluation is a requirement according to ENISA CyberSecurity Act for low assurance level IoT devices

DEKRA

IACS Product Development

Certification Partner

Package Details

Product Information

SELECT

INCLUDES

Service delivered by DEKRA:

IEC 62443-4-1 certification
Applicable to Industrial Automation and Control System (IACS) device manufacturers
Assess the secure product development life cycle

Package options:

Maturity level 1: Statement of conformity (no DEKRA Seal)
Maturity level 2: Certificate (DEKRA Seal)

BENEFITS

Strongly recommended in the European Union from 2022 due to upcoming regulation

IEC 62443 specification is globally accepted standard for industrial security

ADD-ONS

IACS Component Security

DEKRA

IACS Component Security

Certification Partner

Package Details

Product Information

SELECT

INCLUDES

Service delivered by DEKRA:

IEC 62443-4-2 certification
Applicable to Industrial Automation and Control System (IACS) devices
Product certification
IEC 62443-4-1 process evaluation is a pre-requisite
Security level 1 and higher covered
Statement of conformity

BENEFITS

Strongly recommended in the European Union from 2022 due to upcoming regulation

IEC 62443 specification is globally accepted standard for industrial security

ADD-ONS

Common Criteria

Penetration Testing

DEKRA

Common Criteria

Certification Partner

Package Details

Product Information

SELECT

INCLUDES

Service delivered by DEKRA:

IoT security certification according ISO 15408, 4 levels of evaluation:

EAL1
EAL2
EAL3
EAL4

BENEFITS

Strongly recommended in the European Union from 2022 due to upcoming regulation

Common Criteria evaluation is a requirement according to ENISA CyberSecurity Act for high assurance level IoT devices

DEKRA

ioXt Alliance

Certification Partner

Package Details

Product Information

SELECT

INCLUDES

Service delivered by DEKRA:

Authorized Lab certification (Black or White Box) for ioXt Alliance, with options:

Baseline certification
Specific profiles: Android, Mobile App, Network Lighting, Residential Camera, Speaker

BENEFITS

Get “certified” logo from ioXt Alliance, the fastest growing consortium devoted to ensure security of IoT devices

DEKRA

NIST IR 8259

Testing Partner

Package Details

Product Information

SELECT

INCLUDES

Service delivered by DEKRA:

IoT security evaluation according to NIST IR 8259 standard

BENEFITS

Recommended for North America / United States

Compliance with IoT security baseline regulatory requirements applicable in the United States

DEKRA

CTIA Cybersecurity

Certification Partner

Package Details

Product Information

SELECT

INCLUDES

Service delivered by DEKRA:

IoT security certification according to CTIA guidelines, 3 levels of evaluation:

Level 1 (Core Security)
Level 2 (Enhanced Security)
Level 3 (Advanced Security)

BENEFITS

Recommended for North America / United States

CTIA IoT Cybersecurity Certification is a requirement for IoT devices intended to operate in North American mobile networks

ADD-ONS

Industry - PTCRB

QUICK ACCESS MENU

IoT Security Testing

We are your partner for peace of mind!