Facilities and Equipment

IoT Operational Security Testing & Evaluation Centre (IoTSETEC)

The IoTSETEC Lab is a new dedicated facility within WMG, funded by the Catapult, designed to enhance security and resilience testing for Internet of Things (IoT), Industrial IoT (IIoT), and Internet of Medical Things (IoMT) devices. Positioned as the UK's first comprehensive security lab for IoT and cyber-physical products, IoTSETEC offers end-to-end testing for embedded hardware and software. This page is a summary of its services, unique offerings, and industry applications.

WMG is an academic department at the University of Warwick and is the leading international role model for successful collaboration between academia and the public and private sectors, driving innovation in science, technology and engineering, to develop the brightest ideas and talent that will shape our future.

Key contact

wmgbusiness@warwick.ac.uk

Key links

Facilities and Equipment

Recent publications

Ready to work with WMG?

Standardised and Bespoke Security Testing

IoTSETEC provides standardised testing for diverse IoT devices and tailored, in-depth security evaluations focused on device-specific needs.

The standardised testing services provide comprehensive evaluations of IoT devices, measuring their performance and security against established industry standards and best practices.

IoTSETEC also conducts in-depth, customized security evaluations. These tailored assessments delve into the specifics of each device, identifying and mitigating potential vulnerabilities that might be overlooked by more general testing methods.

It supports both compliance and accreditation services, including regulatory alignment with the UK’s Product Security and Telecommunications Infrastructure (PSTI) Act and ETSI 303 645 standards, opening access to wider UK and EU markets.

Real-World Attack Simulation

Through industry-tailored testing scenarios, IoTSETEC replicates real-world attack conditions relevant to specific client environments and use cases. Techniques include fuzzing, static and dynamic analysis, and hardware security testing for robust vulnerability identification.

Network Security:Replicating network-based attacks such as man-in-the-middle (MITM) attacks, denial-of-service (DoS) attacks, rogue access point deployments, and network protocol fuzzing.

Device and Hardware Security:Analysing device firmware for vulnerabilities, conducting hardware security testing including chip-off analysis and fault injection, and performing side-channel attacks to extract sensitive information.

Software and Application Security:Utilising static and dynamic analysis to identify vulnerabilities in device software and applications, fuzzing APIs to uncover unexpected behaviour, and testing for common web application vulnerabilities (OWASP Top 10).

Data Security and Privacy:Evaluating the strength of encryption and authentication mechanisms, analysing data flow to identify potential leaks and privacy violations, and assessing compliance with relevant data protection regulations (e.g., GDPR, CCPA).

Advanced Workbenches for Hardware and Communications Testing

Hardware Testing Workbench: Hardware and firmware security analysis. Performs in-depth internal communication inspection, firmware extraction and analysis, memory extraction for vulnerability assessment, debug port analysis, and evaluation of resistance to side-channel attacks.

Communications Testing Workbench: Designed for advanced security auditing of wireless communications. Supports BLE, Zigbee, LoRa, and WiFi, enabling vulnerability discovery through targeted attacks such as jamming, packet crafting (modification, replay), and protocol fuzzing to identify exploits.

ResAuto Project Workbench: Focuses on automotive sector security, leveraging CHERI-based solutions in partnership with Thales UK for evaluating cost-effective cyber-resilience in automotive systems

Comprehensive Risk Assessment & Reporting R&D and Continuous Security Evolution

With a steadfast commitment to continuous research and development, IoTSETEC ensures its security methodologies remain at the forefront of evolving IoT security trends and threat landscapes. By integrating the latest advancements in cybersecurity techniques and technologies, the facility provides clients with cutting-edge security solutions, empowering them to stay resilient against emerging threats while maintaining compliance with evolving standards.

How can we help your business?

Customised testing scenarios to address specific industry threats and use cases.

Scalable services suitable for both consumer and industrial-grade devices, adaptable to device complexity.

Transparent reporting with actionable security insights and practical remediation advice.

Cutting-edge testing techniques to identify both known and undisclosed vulnerabilities.

Regulatory expertise for compliance with evolving standards, supporting clients in securing an early market advantage.