Connected devices carry an attack surface that most security programmes underestimate. The firmware running on a microcontroller, the debug port left accessible on a PCB, the wireless protocol with no meaningful authentication, the update mechanism that trusts whatever it receives: each one is a potential entry point, and none of them will show up in a standard network scan.
At Project Black Security, we test hardware and IoT devices the way a real adversary would, with hands-on access, purpose-built tooling, and over 12 years of offensive security experience across consumer electronics, industrial systems, embedded platforms, and connected vehicles. Every engagement is scoped and contracted, and every finding is one we can demonstrate.
We carry out board-level inspection to identify components, test points, and debug interfaces. We probe UART, JTAG, SWD, I2C, SPI, and USB interfaces to assess what access they provide and what protections are in place.
We extract firmware from flash memory, eMMC, and NVMe storage using invasive and non-invasive methods, then analyse it for hardcoded credentials, insecure configurations, exposed services, and exploitable weaknesses. Where code is compiled or obfuscated, we apply reverse engineering to understand what it is actually doing.
We assess the full range of wireless communication a device uses, including Wi-Fi, Bluetooth and BLE, Zigbee, Z-Wave, LoRa, and proprietary RF protocols. Testing covers authentication weaknesses, signal replay and injection, unencrypted communications, and what an attacker within range could realistically achieve.
We enumerate and test network-facing services for authentication bypass, unencrypted data in transit, insecure update mechanisms, and weaknesses in the device-to-cloud communication path. Companion applications and APIs are assessed as part of the same attack surface, not as a separate engagement.
Where understanding the internal logic of firmware, software, or a communications protocol is required to assess risk accurately, we apply reverse engineering to get there. This is particularly relevant for proprietary protocols, licensed software, and devices where functionality has been deliberately obscured.
Third-party components, libraries, and vendor-supplied firmware can introduce risk that sits entirely outside a development team's visibility. We review the supply chain for known vulnerabilities, insecure dependencies, and components that present unacceptable risk to the finished product.
We work with you to define the device, the threat model, the depth of testing required, and any operational constraints. This ensures the engagement produces findings that are meaningful to your product and the environment it operates in.
Testing is conducted with physical access to the device and full use of purpose-built hardware and software tooling. We work methodically across the defined attack surface, documenting findings with reproduction steps and evidence as we go.
Findings are delivered in a report written for both technical and non-technical audiences. Each vulnerability is risk rated against actual exploitability and accompanied by specific, actionable remediation guidance. We do not pad reports with theoretical issues. If it is in the report, it matters.
We are available to support your team through the remediation process, answer technical questions on findings, and where required, retest to confirm that vulnerabilities have been addressed effectively.
Our experience spans a wide range of device types and sectors. If it has a processor, firmware, and a communication interface, we can assess it.
A vulnerability in a connected device is rarely contained to that device. It can be the entry point into a corporate network, a mechanism for large-scale data extraction, or a means to affect physical systems in ways that carry real consequence. Finding those weaknesses before a product ships, or before an attacker does, is significantly less costly than responding after the fact.
The threat landscape for connected devices is well documented by the NCSC, NPSA, and UK Government guidance on secure-by-design product development. Our assessments are informed by that guidance, alongside recognised frameworks including MITRE ATT&CK, CWE classifications, and OWASP, applied through the lens of real offensive experience rather than as a theoretical exercise.
Copyright © 2026 Project Black Security Ltd - All Rights Reserved. Company registered in England and Wales. Registered number: 17047362