IoT/Wireless Device Cybersecurity Testing Guide
This testing service analyzes vulnerabilities, attack surfaces, and security threats in communication sections that may occur in IoT and wireless devices, and verifies whether core security functions such as access control, authentication, session management, and encryption are properly implemented.
The security level of the product is comprehensively evaluated by using checklist-based inspection and actual attack scenarios.

Testing Objectives

- Objective verification of security vulnerabilities, such as cyber attacks, unauthorized access control, and the possibility of data fabrication/tampering
- Assessment of the appropriateness and effectiveness of the security functions implemented by the manufacturer
- Pre-confirmation of security performance and securing documentation completeness for compliance with CE regulations

Target Devices

- IoT devices with wired or wireless internet connectivity
- Smart Home·Wearables·Smart Toys
- Devices that process personal and sensitive information
- Devices incorporating financial payment functions
- IoT Hubs / Gateways / Smart Sensors

Key Testing Itms

- Vulnerability Assessment
- Penetration Testing (Pen-Testing)
- Source Code Security Analysis
- Fuzz Testing
- Security Mutation Test

Testing Standards (Specifications)

EN 303 645
- Applies minimum security requirements and best practices for consumer IoT devices.
EN 18031 Series
- EN 18031-1: Common security requirements for internet-connected radio equipment.
- EN 18031-2: Security for network facilities·children's toys - wearables.
- EN 18031-3: Security for devices with financial functions, such as virtual currency·e-money.

Preparation Requirements and Lead Time

Required Documents
- RED Pre-diagnosis Checklist
- Product Function Description
- Technical Manual
- User Manual
Average Lead Time: Approximately 4 weeks (Negotiable based on the scope and scale of the diagnosis).

Testing and Certification Procedure

1. Contract and Scope Finalization
2. Security Requirements Analysis
3. Testing Execution
4. Issuance of Test Report
5. CE Certification Support

Strengths of ICR

Reliability of an Accredited Testing Body
- Professional security testing is performed, meeting domestic and European regulatory standards like EN 303 645 and EN 18031.
Diverse Industry Testing Experience
- Possesses extensive verification experience across various IoT fields, including Smart Home, Medical Devices, Wearables, Finance·Industrial Equipment.
Expertise in Attack-Based Security Evaluation
- Verification is performed based on actual attack scenarios, including Vulnerability Assessment - Penetration Testing-Fuzzing.
One-Stop CE Certification Linkage
- Provides a one-stop service linking testing -> report issuance -> CE certification, in cooperation with ICR Polska (NB 2703).