IoT is a platform to connect the things which have an internet. A connected device is a complex solution, with various potential entry doors for an attacker. A connected device pentest IoT includes tests on the entire object ecosystem. That is electronic layer, embedded softwares, communications protocol, servers, web and mobile interface. The pentest on the electrical side,embedded softwares, and communication protocol concern vulnerabilities more specifically the IoT.
There are three types of attacks on connected objects and embedded systems. Software attack, non-invasive and invasive hardware attacks. The first take advantage of software vulnerabilities, the second recover information from the hardware without damaging it while the third involve opening the components and therefore destroying them in order to be able to extract secrets. While the first two types of attacks do not require many resources, this is not thecase for invasive attacks, for which very expensive equipment is requires.