Pentest on Internet of Things Devices

Internet of Things (IoT) is one of the key enabling technologies for an always-connected world and also a main enabler for generating information of interest in various application domains. A growing problem in recent years in this technology is security, as power-constrained devices that are typical of IoT applications may not always provide these implementations properly. These conditions can compromise entire environments and allow malicious agents to take control and perform malicious activities. In this article, we provide a summary of the principal vulnerabilities reported for IoT devices based on the OWASP Internet of Things Project, classified by test routine groups. Using models based on standard architectures to define and detail reproducible verification routines for each test, a selection of independent analyzes of each identified category was performed to ensure more comprehensive and accurate testing. Finally, the proposed routines are performed in a test environment to exemplify and ensure their operation, thus contributing to meeting the demand in the area for more accurate information and to assist in understanding the most common vulnerabilities.