Security starts at ring zero. So do we.

 

In our embedded security practice, we take the same research-centric approach we use in all our engagements and apply it to complex hardware, firmware, and embedded operating system targets. We start by mapping out our test objectives in collaboration with our clients, working closely with engineers and developers to achieve a sound understanding of the design, architecture, and threat scenarios to model out in our assessment.

From there, we tear our targets down to their basic building blocks: mapping out circuits and hardware communication channels, identifying reachable attack surface, and reverse-engineering and instrumenting firmware, bootloaders, and monolithic software. We then work our way back up to the high-level logic to model out the attack scenarios previously developed. Next, we build out proof-of-concept attacks demonstrating our threat models and attack chains so we can deliver actionable, clearly documented findings. Finally, we help our clients ship secure products by collaborating in the remediation process.

Key Skills - Embedded Security

  • Mobile Security Research
    • OS security assessment of all major platforms
    • TZ, bootloader and baseband security assessment
    • MDM, mobile threat, and mobile application security
    • Cellular protocol analysis and security testing
    • Mobile device hardware security assessment
  • Embedded Security Research
    • IoT and Smart Device Penetration Testing
    • Hardware Reverse Engineering Simulation
    • I2C/SPI/Hardware Bus Debugging and Analysis
    • Circuit-level debugging and hardware subversion
    • Hardware Attack Proof-of-Concept and Hardware Exploitation
  • Smart Grid, Medical and Critical Infrastructure
    • Device Communication Bus Analysis 
    • Protocol Analysis and Custom Protocol Attack Creation
    • Medical Device and Appliance Assessment
    • Proprietary RF Protocol Analysis
    • Smart Grid penetration testing
      • Gas, Water, and Electric Smart Grid Assessment
      • Smart Meter, AMI, D/A security assessment
      • HA/HAN wireless (WiFi, Zigbee, other) assessment
      • MDMS, OMS/DMS and EMS penetration testing