Device & IoT penetration testing.

Hardware, embedded, and IoT devices — including unattended and physically exposed ones.

800+ projects delivered
10+ years of experience

We secure the Czech tech companies that made it globally.

Device & IoT penetration testing

An IoT device is a computer you ship into the world and then can't supervise — often left somewhere a stranger can pick it up, open it, and take their time. We test embedded and IoT devices end to end: firmware and local data, the device's exposed interfaces, and the services it talks to — including the scenario that makes hardware different from everything else, where the attacker has unhurried physical access to an unattended unit.

What we test

  • Firmware & local storage — what's on the device, how it's protected, and what falls out when you extract it.
  • Interfaces & ports — the exposed physical and network interfaces, including the debug ports nobody meant to ship.
  • Backend communication — the services the device talks to, and whether one compromised unit exposes the fleet.
  • Physical-access scenarios — what an attacker achieves with an unattended, physically exposed device in hand.

What you get

A report in four parts: a scope recap, a management summary with an expert opinion on your security standing, an audit-findings checklist sorted by severity, and detailed findings — each with description, impact, CVSSv3 severity, and a concrete proposed fix. Every finding is peer-reviewed so your team can reproduce and fix it fast.

Every test is run by certified senior specialists — no junior hands learning on your systems.

Use the test results toward NIS2, DORA, ISO 27001, and PCI-DSS.

Pricing

Scoped by the device, its interfaces, and the backend in scope. We'll confirm scope and price on a short call.

Our insight.

A full-fledged computer with Kali distribution and integrated WIFI can be the size of a chewing gum pack...

Frequently asked, always answered.

Can you help our company choose secure third party devices?

Yes, insighti is able to, with permission, review and evaluate the security of 3rd party solutions. This allows our clients to make an informed decision about which solution to use based on the pros and cons of each.

What will be included in the test report?

A report includes the list of vulnerabilities discovered with severity rating. Additionally, there is a managerial summary which outlines how these vulnerabilities correspond to a business risk, and a technical write up, so developers can reproduce and correct the issues.

What is the benefit of having a product tested by an independent 3rd party?

When a product is tested by an independent third party, it provides a sense of openness about the security of a product that is not easily gained otherwise. Additionally, it provides a new look into the platform that could uncover security issues that are often missed with familiarity with the system.

Let's talk it through.

Tell us what you need tested — we'll set up a no-obligation call and propose a scope.

Book a free consultation ›