Inside Our IoT Testing Lab: Built for Anything

Your smart devices have secrets. We find them. That’s exactly what we do at One Compliance, where we’ve been diligently enhancing our IoT testing lab. We simulate challenging environments, test the interaction between diverse devices using various protocols, and confirm that firmware updates are secure and cannot be exploited. Our efforts aim to make the lab bigger, better, and bolder than ever before!

So, what exactly is IoT? Put simply, it's the ever-growing universe of physical objects, from smart fridges to industrial machinery, that are kitted out with sensors and software to connect, communicate, and share data over the internet. Think of it as giving everyday objects a voice and then listening to what they have to say.

At its core, an IoT system is made up of four things: sensors and devices, connectivity (Wi-Fi, Bluetooth, and everything in between), data processing software, and a user interface. When one of these lands in our lab, we put it through its paces, testing functionality, security, interoperability, and performance, all the way from the hardware up to the network layer. The real world is messy and unpredictable, and our testing reflects that.

Having an IoT testing lab is a gamechanger because it enables us to proactively identify unique, hardware-level vulnerabilities that cannot be detected by traditional software-based IT security tools. As IoT devices increasingly connect critical infrastructure, a specialised lab provides a controlled environment to simulate real-world attacks, ensuring compliance with industry standards. This helps us build credibility and trust with our clients.

So, what are the core capabilities of our testing lab?

Traffic monitoring and analysis, MITM (man-in-the-middle) - We get devices and systems to do things they really shouldn't. Think of us as the mischievous middleman.

Wired Ethernet including POE devices - Of course we do wired Ethernet, but Power-Over-Ethernet is the newer flavour here and we can handle active or passive flavours when it comes to POE.

Wi-Fi - 802.11a, b, g, n, ac, ax, be - 2.4, 5 or 6GHz? Bring it on. Whatever type of WiFi you're working with, we've got it covered.

Bluetooth - Sniffing and poking around Bluetooth connections is very much our thing. All versions, no exceptions.

USB - Got a USB cable? We can sit in the middle of it, quietly watching, or not so quietly injecting data. Don't mind us.

RS232/423 - Old-school serial ports have been around forever, and they're not going anywhere. Slow and steady, but we can still put them through their paces.

SPI/I2C bus sniffing and injection - Deep in the guts of a microcontroller? No problem. We can sniff and manipulate embedded serial buses like it's second nature.

Exploitation of debugging interfaces - SWD, JTAG. Once we've got debug access, the question becomes: how far can we push it? Spoiler: pretty far.

RFID Manipulation - Doors, printers, toothbrushes, toasters; if it's got an RFID chip, we've got the tools to have a poke around.

Firmware - ROM extraction, decoding, reprogramming, bootloader exploitation. We get right under the hood, and we're not afraid to get our hands dirty.

MDB - Yes, we probe vending machines. And before you ask, no, it doesn't get us free snacks. It's a serial protocol with a very specific implementation, and we know it well.

CANBUS testing - We love messing with cars. Not to unlock hidden horsepower (tempting as that is), but to check the integrity of communications between ECUs and diagnose what's going on under the bonnet.

Cellular connections - This one's off the table, unfortunately; testing live cellular connections would put us on the wrong side of UK law. We know our limits!

The IoT landscape never stands still, so we don’t either. New devices, new protocols, and new vulnerabilities emerge all the time. That's why we're committed to continuously expanding what our lab can do, ensuring we're always equipped to tackle the threats that come with a world where everything is connected.

Behind every test is a team of people who genuinely love what they do. Our testers bring a rare mix of technical expertise and creative curiosity, the kind that makes them think like an attacker, so our clients don't have to worry about one.

Impressed by what we can do? Please get in touch. We’re passionate about using our skills to help businesses stay one step ahead of attackers!