Basic Guide towards IoT Testing

IoT is an ecosystem of connected physical objects/devices that are accessible through the internet. A technology that makes connectivity between devices/things/humans possible using the internet, be it with Home Appliance automation, Car automation, drones, etc. IoT is becoming an integral part of our day to day life. It has become much advanced with the convergence of multiple different technologies like machine learning, real-time monitoring, sensors detectors, etc and integrated with smartphones/speaker within the same ecosystems to provide a rich user experience.

With the integration of sensors, communication channels, data, cloud, and other technology the system becomes more complex. With complexity increases more it becomes challenging to test. With so much interconnected technology, How a tester would approach to test?

Let’s find out the test layers for IoT and what type of testing one must emphasize for IoT systems.

Testing Approach:

As far as the IoT is concerned, One must have to think about the broad levels of testing. Since IoT is a multi-connected system, A testing plan has to be broken down into different layers. Let’s see the different layers and what testing we must cover for it and any tools that can help us.

1. Communication Channel: IoT devices uses a different communication channel than traditional devices. As these devices are lightweight and have low power batteries, it became critical to use a lightweight protocol for communication and for publishing data. Message Queuing Telemetry Transport(MQTT) is one of the lightest protocol developed to support such systems. It uses publish-subscribe architecture to send/receive data based on topics. In order to safeguard the communication channel, a broker is being placed in between publisher to subscriber.

mqtt-spy tool can be used for testing the broker/communication channel. MQTT spy is a very simple desktop tool, developed in JAVA FX which makes it possible to run in different operating systems. Also, it has a command-line utility called mqtt-spy-daemon which can be used in a CLI mode.

To automate communication channel test cases, one can use paho library available here. It has provided a very simple API to use for automation.

The architecture of communication channel for a simple IoT device

2. Penetration: Since the IoT devices are very sensitive in nature and share very confidential data over the internet thus it makes penetration testing as one of an important area of testing. During pen-testing, a pentester identifies the vulnerabilities of different components and provides solutions to prevent attacks.

A. Communication Protocol: As mentioned earlier, there are multiple communication protocols that IoT devices use like CoAP (Constrained Application Protocol), MQTT (Message Queuing Telemetry Transport). As a pentester, one must identify which communication protocol is being used and identify if they are encrypted. One can use traffic inspection tool like Charles-proxy or Wireshark to intercept the communication from App or from IoT device.

B. Radio Frequencies: Since IoT devices emit the radio waves to transport information to the cloud platform. As a pentester, One must sniff the packets and check whether the replay of the packet is possible. Also, identify if there are any jamming attacks possible to the device.

C. Firmware and Device: These are hardware and the firmware used by the IoT device. As a pentester, One must identify if there are any overflow attacks or command injection possible on the firmware and also what security mechanism is being followed, If any, then is there a way to bypass the security protection. Last but not least identification of DDoS Attack such that the device won’t be capable to transmit information.

To learn more about IoT pen-testing guide follow this link.

3. Performance: As IoT systems use multiple network technologies and different protocols thus it is very important to assess the performance of IoT. How quickly the device is responding to the command and how quickly the command is received to the cloud platform. It is very important to find lags between IoT device and Application that sends the command to the IoT. There are certain metrics that are very important to be defined as an SLA’s to make sure the product is serving with the intended performance. These metrics include latency, response per second, throughput, packet loss, and concurrent users. JMeter can be used as a performance testing tool as it has extensive support for different protocols. JMeter has plugins for MQTT, or CoAP samplers which can be used to send the requests to the server.

Hope this article provides an introduction towards IoT testing and helps you find the different test layers of IoT and tools to use for testing IoT applications.