Embedded / Internet of Things

Finding vulnerabilities

Our lives become increasingly digitized. We use ever more interconnected devices to interact with our environment, yet the security requirements are high. The consequences of insecure IoT devices were impressively demonstrated by the Mirai botnet, which launched the largest observed DDoS attack to date. A different threat is posed in the embedded sector, as various parts of critical infrastructure is managed by such devices.

What we test

Each IoT or embedded penetration test is adjusted to your specific device. We check basic security functions as the authentication or the authorization management. Furthermore, we examine the deployed encryption mechanisms for common weaknesses. We also ensure that important functions, like firmware updates, are implemented in a secure manner.

Our approach

In the first step, you receive a detailed checklist with requirements we have for the assessment. With the start of the audit, we have a joint preliminary discussion, to clarify details and to become familiar with the application. We start the penetration test immediately afterwards. We utilize a checklist to ensure that no important subject is missed. We also implement a more creative part, where the auditor is testing freely. We document the results in a detailed report, which is addressed in a concluding discussion.

What you can expect

You receive a detailed report with the identified vulnerabilities from us. We extensively explain the criticality of the vulnerabilities and what impact they have on you effectively. We provide you with all the means to reproduce the found vulnerabilities yourself. Furthermore, we include specific instructions on how to sustainably remedy the vulnerabilities. You receive the report within one week in advance of our concluding discussion, allowing you to read it carefully and prepare any open questions. Naturally, we are available for any ensuing requests as well.