Internet of Things (IoT), Internet of Medical Things (IoMT) and Operational Technology (OT) Penetration Testing

In the increasingly networked world of Operational Technology (OT) and the Internet of Things (IoT) or Internet of Medical Things (IoMT), numerous new opportunities are opening up. However, these developments also entail various risks and attack vectors. In both private and industrial applications, devices communicate via backend interfaces that require comprehensive security in accordance with ISO 27001 or the IEC 62443 standard for industrial network security. Particular attention should be paid to zero-day vulnerabilities, i.e. vulnerabilities for which no patch or remedial measures are yet available. These can pose an acute threat.

Operational Technology (OT) refers to hardware and software that directly monitors or influences industrial equipment, assets, processes and events. Unlike traditional information technology (IT) systems, OT systems are specifically designed for industrial control and monitoring tasks. Examples of OT devices include Programmable Logic Controllers (PLCs), Supervisory Control and Data Acquisition Systems (SCADA) and Distributed Control Systems (DCS).

IoT, on the other hand, comprises interconnected devices and applications that are used in various areas, including medical and health information technology. IoMT devices connect patients, doctors and medical devices by transmitting information over a secure network. These devices use automation, sensors and machine-based intelligence to reduce reliance on human intervention during routine medical procedures and monitoring. 

The security of such IoT/IoMT devices is critical. Therefore, we offer IoT/IoMT penetration tests conducted by our ISO 27001 & IEC 62443 certified consultants and lead auditors as well as OSCP and OSWE certified pentesters. These tests include a variety of methods based on the OWASP IoT Top 10 and the OWASP IoT Security Verification Standard. First, the IoT devices themselves are checked for vulnerabilities to determine whether sensitive data or the firmware can be read and manipulated. The communication connection to the backend server is then tested, including by means of man-in-the-middle attacks. If available, the corresponding mobile applications (iOS and Android) are also checked. Finally, the backend is penetration tested using methods for carrying out web application and web API penetration tests.
