IoT and Edge Security

Billions of devices. One security strategy.

Security assessments, architecture review and penetration testing for IoT fleets, edge computing infrastructure, 5G networks and smart environments. IT expertise for connected systems.

Industrial IoT
Smart Cities
Connected Vehicles
Medical IoT
Edge Nodes
BITHOST IoT SECURITY — DEVICE FLEET ASSESSMENT
client: smart-city-authority · scope: 10,847 IoT sensors + edge nodes + 5G gateway layer · live scan

FLEET OVERVIEW — 10,847 DEVICES
6,812 COMPLIANT (62.8%)
2,240 REVIEW
1,795 CRITICAL

DEVICE CATEGORIES
Traffic sensors: 3,240
Environmental: 2,760
CCTV / edge AI: 2,400
Smart metering: 1,872
Edge compute nodes: 575

CRITICAL FINDINGS
CRIT: 1,240 devices using default credentials (admin/admin or admin/1234) · remote exploitation trivial
CRIT: 555 edge nodes running EOL firmware (CVE-2022-41873 unpatched) · remote code execution
HIGH: All devices on flat /16 · lateral movement between CCTV and metering possible
HIGH: 5G gateway management plane accessible without certificate authentication
INFO: OTA update channel uses HTTPS ✓ · Package signing not yet implemented ○

SEGMENTATION DESIGN

BEFORE — FLAT NETWORK
All IoT devices → same /16 subnet
CCTV, metering, traffic on same layer
Edge nodes directly reachable from internet
Compromise any device = reach all devices
Botnet recruitment: trivial

AFTER — SEGMENTED + ZERO TRUST
6 device VLANs by function and risk level
Edge nodes behind API gateway (mTLS)
Certificate-based device identity enforced
Blast radius: 1 VLAN (max 1,800 devices)
OTA updates: signed + verified ✓

Fleet assessed: 10,847 IoT devices across 6 categories
Critical findings: 1,795 critical
Segmented · Zero trust

Why this cannot wait

The attack surface is growing faster than the defences.

Every connected device is an endpoint. Every endpoint is an attack vector. The organisations deploying them at scale are doing so years ahead of their security programmes.

75B

IoT devices by 2030

Each one a potential entry point into your network, your data and your infrastructure if not secured at the device, protocol and network layer.

10×

Edge computing market growth by 2030

Processing moving to the edge means security must move with it. Centralised perimeter security does not protect distributed compute.

83%

Of IoT devices run outdated or unpatched firmware

Most IoT deployments have no patch management process at all. Vulnerabilities discovered in 2019 are still exploitable in devices running today.

600K

Devices recruited into Mirai botnet in 72 hours

Default credentials and no network segmentation. That was 2016. The next generation of IoT botnets has more devices and better targets.

Attack surface

Every environment we secure.

IoT security is not one problem. It is a different set of threats in every deployment context. We scope every engagement to the specific device types, protocols and risk profile involved.

IoT Device Fleet Security

Security assessment of large-scale sensor and device deployments. We test for default credentials, unencrypted communications, insecure update channels, weak authentication and over-privileged device permissions across your entire fleet.

Works from 10 devices to 100,000

Edge Computing Architecture Security

Security review of edge node configuration, API gateway security, data pipeline integrity between edge and cloud, identity and access management for distributed compute and zero trust architecture design for edge environments.

Cloud-native and on-premise edge

Smart City Infrastructure Audit

End-to-end security audit of smart city technology stacks: traffic management, environmental monitoring, smart lighting, CCTV, public Wi-Fi and the data platforms aggregating everything. Network segmentation between city systems is almost always absent and almost always critical.

Government procurement ready

Connected Vehicle Security Testing

Security assessment of the software and network layers in connected vehicle ecosystems: telematics platforms, V2X communication security, over-the-air update architecture, backend API security and the data pipeline from vehicle to cloud. No hardware required.

Telematics and V2X focus

Our services

Six consulting streams.

All IT and software services. We assess, design and test the network, protocol, API and software configuration layers. No hardware installation or physical field engineering.

01

IoT Device Security Testing

Systematic security assessment of IoT device configurations across your fleet. Default credential checks, firmware version analysis, communication protocol security and network exposure mapping for every device type in scope.

Fleet scan · Credential audit · Protocol analysis · Exposure map

02

Edge Architecture Security Review

Security design review of your edge computing stack. API gateway configuration, mTLS enforcement, certificate management, secret handling at the edge, identity propagation and zero trust network design for distributed infrastructure.

mTLS review · API gateway · Zero trust design · Secret audit

03

IIoT and Connected Device Penetration Testing

Controlled penetration testing of industrial IoT and connected device environments. We test what an attacker can reach through the network, API or management plane without physical access to any device.

Network pen test · API exploitation · Lateral movement · Report

04

Smart City Infrastructure Audit

Comprehensive security audit of multi-system smart city deployments. We review network segmentation between city systems, data platform security, vendor access controls and compliance with government procurement security requirements.

Multi-system scope · VLAN audit · Vendor access · Gov compliance

05

5G Network Security Consulting

Security assessment of 5G-connected IoT deployments. We review the security of the connectivity layer: SIM management, network slicing security, API exposure from 5G management planes and device authentication over 5G.

SIM management · Network slicing · Device auth · 5G APIs

06

OTA Update Security Assessment

Security review of over-the-air update infrastructure. Package signing, update channel integrity, rollback protection, version management and authentication of the update server to device. Insecure OTA is the primary vector for fleet-wide compromise.

Package signing · Channel security · Rollback test · Auth review

How an engagement works

From fleet inventory to secured architecture.

01
Device and network inventory

We map every device type, firmware version, communication protocol and network connection in scope. Most clients discover devices in this phase they did not know were connected.

02
Passive fleet assessment

We analyse device configurations, communication patterns and network exposure without sending test traffic to production devices. Findings are classified by device type and severity.

03
Controlled penetration testing

Active testing of agreed target systems and APIs. We simulate what an attacker can access from outside your perimeter and from inside the device network without touching live production sensors.

04
Segmentation and remediation design

Network segmentation architecture, zero trust design, credential rotation plan and OTA security recommendations. Prioritised by device count and exploitability of each finding.

Example engagement

Phase 1 — Device and network inventory
Inventory phase — what we discovered

312 undocumented devices found on the network: Client asset register listed 10,535. Actual count: 10,847. Shadow IoT is the norm, not the exception.
4 different firmware versions across the same device model: Inconsistent patching creates an unpredictable attack surface. Version 2.1.4 has a known RCE vulnerability.
38 devices still using factory default IP ranges: Overlap with internal subnets causes routing ambiguity. Some devices are unreachable from the management plane.
6 communication protocols in use across the fleet: MQTT, CoAP, HTTP, Modbus TCP, AMQP and a proprietary vendor protocol. Each requires a separate security review.
OTA update channel uses HTTPS with valid certificates: Good foundation. Package signing not yet implemented. Unsigned updates are accepted from any server matching the hostname.

312 unknown devices is a critical finding before any testing begins. You cannot protect what you cannot see. Every engagement starts with getting the inventory right.

Fleet assessment — finding distribution

Default credentials: 1,240
EOL firmware: 555
Unencrypted comms: 420
No device auth: 580
Fully compliant: 6,812

1,240 devices with default credentials is a Mirai-class botnet waiting to happen. A single automated scanner running for 20 minutes would recruit every one of them without any further exploitation required.

Penetration testing — what we demonstrated

Full network scan from one compromised CCTV device: The flat /16 meant the compromised device could see and reach all 10,847 others on the same broadcast domain.
Edge node management API accessible without token: Three edge nodes exposed the management REST API on a public interface with no authentication. Full configuration readable and writable.
OTA update spoofed with unsigned malicious package: HTTPS channel intact but no package signature verification. We served unsigned firmware from a test server. The device accepted and staged it.
5G SIM management portal, authentication correct: Two-factor enforced. No findings in the 5G management plane. Good baseline to build on.

All testing performed against isolated test devices and staging environment only. Production sensor data and city operations were not interrupted at any point during the engagement.

Remediation delivered — architecture outcomes

Six device VLANs designed by function and risk level: Traffic sensors, environmental, CCTV, metering, edge nodes and management plane all isolated. Blast radius is now a maximum of 1,800 devices per VLAN.
Zero trust device identity architecture designed: Certificate-per-device plan using a private CA. Devices authenticate with mutual TLS to all management systems.
Package signing added to OTA pipeline: Firmware is signed by a private key. Devices verify the signature before staging. Unsigned packages are now rejected at device level.
Default credential remediation plan, 1,240 devices in 8 batches: Automated credential rotation script delivered. RADIUS integration designed for long-term centralised management.

Remediation plan phased over 90 days with zero production downtime required. All architecture changes are network and software layer only. No device replacement or field engineering needed.

Target industries

Every sector running connected systems.

Manufacturing — Industry 4.0

IIoT sensor fleets on factory floors, connected production lines, digital twin infrastructure, edge computing for real-time process control and the OT/IT convergence security gap.

IIoT sensors · Edge nodes · IEC 62443

Smart Cities

Traffic management, environmental monitoring, smart lighting, connected CCTV, public Wi-Fi networks and the data platforms aggregating and analysing city-wide sensor data.

Gov contracts · Multi-system · Data platforms

Automotive and Connected Vehicles

Telematics platform security, V2X communication protocols, OTA update architecture for vehicle fleets, connected car backend API security and in-vehicle network data pipelines.

Telematics · V2X · OTA updates

Healthcare and Medical IoT

Connected medical device management platforms, patient monitoring data pipelines, hospital building management systems and the network security of clinical IoT deployments.

IEC 80001 · Device mgmt · Data pipelines

Agriculture and Precision Farming

Remote sensor networks across large areas, satellite and 5G connected field devices, drone fleet management platforms and the agricultural data platforms processing sensor telemetry.

Remote sensors · 5G connected · Fleet mgmt

Energy and Smart Grids

Smart meter security, grid sensor data integrity, demand response platform security and the communication layer between distributed energy resources and control centres.

Smart meters · Grid sensors · NERC CIP

FAQ

Before we scope your fleet.

We use a representative sampling methodology. We categorise devices by type, firmware version and network location and assess a statistically representative sample from each category. Configuration findings in one device of a given type and firmware version apply to all devices of that type. For credential and network exposure checks we can run automated assessments across the full fleet non-disruptively. The result is full fleet coverage without testing 10,000 devices individually.
OT security focuses on operational technology in industrial environments: PLCs, DCS systems, SCADA and safety instrumented systems where the Purdue model and IEC 62443 apply. IoT security covers connected devices in broader contexts including smart cities, consumer and commercial environments, medical devices and connected vehicles. The protocols, regulatory frameworks and risk profiles differ significantly. Many organisations have both environments and need both services.
Yes. We focus on the IT and software layers: the telematics backend platform, the V2X communication APIs, the OTA update infrastructure and the data pipelines from vehicle to cloud. These are all network and software services that we can assess and test without physical vehicle access. The backend security layer is where most connected vehicle vulnerabilities have been found in practice and it is where we can add the most value without hardware.
The three highest priority items for 5G IoT deployments are device authentication at the SIM and application layer, network segmentation between device types over network slicing or APN separation, and the security of the management APIs that control your device fleet. Default credentials and flat network architecture compound extremely fast when devices are 5G-connected because the attack surface is reachable from anywhere rather than only from a local network.
Yes. We produce security assessment documentation aligned to government procurement requirements including technical vulnerability reports, network architecture review, penetration test evidence and remediation evidence. We can scope this to the specific security standard or framework the contract requires and produce documentation in the format the procurement authority expects. Engagements can be structured to fit within your bid timeline.

Every connected device is a door. We check every lock.

Tell us your device types, deployment scale and the industry context. We will scope an engagement that fits your fleet and your timeline.

Request an assessment
IoT security · Edge architecture · Smart city audit · 5G consulting · Connected vehicle