Smart Homes

Pentest for Smart Homes

Intrusion security validation for automated residences, high-end homes and high-value properties.

90% manual · 10% automated
OSCP · CISSP · CRTO · GPEN
BR · PT · IT · ES · MA · US · AU
OWASP · MITRE · PTES · NIST

Why now

The real pain

Your home is smart. And vulnerable. IP cameras owned in seconds, NFC locks cloned, voice assistants activated remotely, Z-Wave/Zigbee hubs compromised over RF. The more connected, the larger the attack surface — and almost no residence has ever been tested by a real pentester.

Applicable regulation

LGPD · GDPR (PT/IT) · Lei 14.155/2021 (Cybercrime)

/attack-surface

Vectors we test in smart homes

Every engagement is designed for your environment. The points below are part of our standard playbook for this sector — final scope is adapted to your stack and contract.

01 · IP cameras and DVR

Unauthorized access, replay, exposed RTSP, default credentials, vulnerable firmware and WAN exposure.

02 · Smart locks and access control

NFC/Bluetooth replay, tag cloning, bridge bypass and relay attack.

03 · Hubs and RF protocols

Zigbee, Z-Wave, Matter, 433 MHz — SDR analysis and command injection.

04 · Voice and media assistants

Alexa, Google, Apple HomeKit — privacy, remote activation, audio exfiltration.

05 · Network and segregation

Guest vs IoT vs corporate Wi-Fi, WAN exposure, residual UPnP and DNS rebinding.

06 · Solar, EV charging and thermostat

Residential OT, exposed Modbus, telemetry manipulation and consumption abuse.

/methodology

Genuinely manual pentest

Automated scanners find what's documented. Real attackers find what isn't. 90% of the work is manual — performed by specialists holding OSCP, CISSP, CRTO and GPEN.

01 · Reconnaissance

Target mapping, OSINT, footprint, sector-specific threat modeling.

02 · Discovery

Deep enumeration, complementary scanning, manual exposure identification.

03 · Exploitation

Manual validation with controlled PoC, finding chaining, escalation.

04 · Report

Executive + technical, step-by-step replication, mapped to applicable regulation.

/why-trust

Who has trusted our work

Growing demand from high-end residences in Brazil, Portugal and Italy; joint engagements with home automation integrators.

Caixa Econômica Federal
Banco BMG
iFood
ArcelorMittal
Multibanco
Polícia Federal
Fórmula 1
OpenFinance

Technical assessment recognized in highly regulated, mission-critical environments — the pentest that finds what nobody had found before.

Douglas Lopes

Founder · CEO · intrus.io

/faq

FAQ — Smart Homes

Do you need to be inside the home to test?

Not necessarily. Most of the scope is remote via network/internet and firmware analysis. For RF components (NFC, Zigbee, 433 MHz) a 4-8h technical visit usually covers it.

Who receives the report?

Directly to the owner, under NDA. We never share it with the integrator, building or insurer without explicit authorization.

/contact

Ready for a serious pentest for smart homes?

Schedule a confidential meeting. Within 48h we'll send a proposal with scope, timeline and pricing.