Industrial systems, medical devices, connected machines in production, or embedded systems in vehicles: digitalization even affects systems that have been isolated for years. But as these systems get more connected, the risks increase too: Operational Technology (OT) and Internet of Things (IoT) systems are now a key part of many business processes, making them a valuable target for attackers. The result: cyberattacks on these systems are constantly increasing.
Therefore, specialized security analyses and penetration tests are more important than ever in this field. However, what exactly constitutes an OT and IoT system pentest? Why is a standardized pentest not sufficient in this case? We provide the answers and demonstrate what distinguishes our specialized pentests.
What are OT and IoT systems?
In general, operational technology (OT), supervisory control and data acquisition (SCADA), and industrial control systems (ICS) encompass all systems that monitor and control physical processes. This includes areas such as manufacturing, energy supply, and logistics.
Embedded or IoT systems are specialized, often connected computer systems that are built into devices or machines to perform specific tasks autonomously or in real time. These are used in lots of areas, like industry, automotive engineering, building automation, surveillance technology, and medical technology. Since these systems often collect, process, and transfer sensitive data, they need to be properly protected against cyberattacks.
Why are OT and IoT systems particularly vulnerable to security vulnerabilities? And what does that imply for my organization?
OT and IoT systems were often developed without a security concept and are frequently poorly segmented or outdated. At the same time, they pose particular challenges: long life cycles, limited update capabilities, and often physical access to the devices by third parties. Due to their increasing connectivity with IT systems, they represent an attractive target for attackers. A successful attack can have serious consequences for a company: from data leakage and manipulation of control processes to complete system failure (e.g., production process or overall operational safety).
In OT and IoT environments in particular, a specific pentest helps to identify security-critical vulnerabilities before they disrupt processes or endanger systems. A specialized pentest thus creates a robust basis for protecting availability and operational security.
Robin Plugge, Senior Consultant IT Security and Expert for Pentesting OT and IoT Systems, usd AG
How does an OT and IoT system pentest differ from other pentests? What are the key factors to consider?
While many of our pentests examine systems, networks, or web applications for vulnerabilities, OT and IoT pentests operate in a different environment: they involve machine controls, industrial communication protocols, or embedded systems with often outdated operating systems and limited resources. Therefore, our security analysts contribute specialized expertise and a deep understanding of the respective system landscape to OT or IoT system pentests.
Our experts base their OT system pentests on realistic attack scenarios, e.g., through external attacks or insiders with physical access. The focus is on identifying and assessing risks without jeopardizing ongoing operations, as OT systems are usually highly available and must not be disrupted.
In an IoT system pentest, our experts analyze the entire attack surface: from hardware and firmware to potentially connected cloud systems or mobile apps. Both automated procedures and manual techniques are used, e.g., reading memory components, reverse engineering firmware, or analyzing wireless communication.
What vulnerabilities are particularly common in OT and IoT systems?
Common vulnerabilities in OT environments include:
- Misconfigured access to engineering workstations or HMI systems
- Weak or missing authentication at interfaces (e.g., remote maintenance)
- Poorly protected communication protocols (e.g., Modbus, OPC-UA)
- Outdated or unpatched control components
- Missing segmentation between IT and OT systems
Typical vulnerabilities in IoT devices include:
- Insecure firmware and bootloaders
- Weak or hardcoded credentials
- Manipulable hardware interfaces (e.g., UART, JTAG, SPI)
- Poorly implemented maintenance access or wireless protocols (e.g., BLE, ZigBee, LoRa)
- Security flaws in web or cloud components
- Broken access control via interfaces
Operators of OT and IoT systems should actively test their security with OT and IoT system pentests
In an increasingly connected world, traditional security measures alone are no longer sufficient. Whether it's production facilities, medical technology, or smart building technology, a targeted OT or IoT system pentest provides clarity about the current security situation and ensures security.
With our combined expertise in OT and IoT security, we support you in identifying vulnerabilities at an early stage and securing your systems in the long term. Contact us, we are happy to help!
