Whether your device contains an embedded operating system or merely confidential logic, odds are you’ve made a substantial investment in intellectual property that needs to be safeguarded.
IOActive experts will dissect the physical and logical security of your device to identify weaknesses. We will identify vulnerabilities that could allow hackers to retrieve confidential data or subvert the device for unauthorized use or malicious attack.
Embedded Platform Security Assessment Methodology
IOActive’s embedded platform security assessment provides a detailed security evaluation of your device and its onboard communication electronics, firmware, operating system functions, data integrity, command and control mechanisms, tamper detection, and any associated management software. We apply our experience performing direct pen testing, architectural code reviews, hardware modification, reverse engineering, advanced logic threat modeling, and in-depth protocol analysis.
We have modified the standard runtime review methodology and applied it to embedded platforms. We can effectively identify issues that could lead to the bypass of genuine security controls around authentication and authorization, device provisioning and assignment, and remote-programming functionality. We test the confidentiality, integrity, and availability of your embedded device using simulated attacks launched from the perspective of a skilled, external attacker with limited knowledge of the internal system.
IOActive’s goal is to apply focused testing to the components that are most likely to be exploited or represent the greatest system impact. For example, if a component uses a well-known protocol, it is more likely to be attacked than one using a proprietary protocol. Similarly, if a component can control the entire device or system, it is more likely to be exploited than one that can only access secondary functions.