Embedded System Assessment

Protect Devices Running Embedded Software

Sophisticated attackers frequently target cryptographic primitives, protocols, trust models, authentication routines, and "secure" systems that make use of those controls. Our assessment methodologies are tailored to the nuances of the embedded platform and look for issues that could allow an attacker to bypass authentication controls, provision or assign the device, program the device remotely, and tamper with data.

All of our assessments generate and leverage a Threat Model for precision inspection. With 20+ years experience analyzing and implementing security for embedded systems, we can conduct an in-depth assessment at the device, architecture, code and as-built levels providing detailed findings and recommended defense mechanisms.

An Integrated Approach to Embedded Security

Our embedded system assessment is a methodical review of the security risks, threats, and attack surfaces in a system, device, or component (e.g. communication protocol). Each assessment documents:

  • Security and functional objectives
  • How your system could be attacked and steps to realize each threat
  • Mitigation controls for vulnerabilities discovered

Secure Design Review

The use of hardware security (i.e. TPMs or HSMs, encryption, digital signatures, and message authentication) does not ensure a secure system. These security primitives must be deployed within a secure design to ensure your product and infrastructure is protected from intrusion. A design review will help identify high risk areas, flaws and damage potential, and offer concise security recommendations. Learn more about our design review services.

Firmware Security Assessment

We analyze the security of device firmware and its update distribution process to ensure best practices like cryptographically signing updates and using authentication hardware to verify signatures are being implemented.

Security Code Review

Using static analysis tools and manual review techniques, our engineers conduct a security code review to identify critical security defects, enabling you to prevent serious problems from propagating. 

Penetration Testing

For more than a decade, organizations have relied on our experts to conduct attacks on embedded systems with the same level of determination and sophisticated that an attacker would. Leveraging dozens of specialized tools and years of experience conducting manual attacks, our engineers conduct a penetration test to get you the breadth and depth of coverage that you need.