Devices Security Testing
Nowadays devices are running in a complex environment composed of software, hardware, wireless signals, protocols, cloud and mobile. Attention to security requires a holistic approach, as the attacker will exploit the weakest link in a chain.
Device Security Tests explore potential entry routes from the hacker’s point of view. This enables efficient detection of the most vulnerable component which is crucial in the constantly evolving IoT world.
Depending on needs, device security tests may cover:
– Electronic hardware: secure design, internal and external memory, microcontroller read protection bypass, debug interfaces, communication between components, tamper protection, …
– Wireless signals: Bluetooth Low Energy, Zigbee, 802.15.4, wifi, other proprietary,
– Firmware: upgrade process, binary images analysis (encryption, signing, sensitive information, reversing potential),
– Security analysis of proprietary communication protocols,
– Initial factory provisioning and supply chain,
– IoT cloud,
– Mobile applications,
– Web interface: backend, administrative, device built-in.
Research conducted even by the producers themselves shows that 70 Percent of Internet of Things Devices may be Vulnerable to Attack
What is the scope of sample bluetooth low energy evaluation?
“BLE is one of the most commonly used IoT wireless technologies – popular not only in smart wearables and gadgets, but also smart locks, banking tokens and medical devices.”
Sample scope of BLE security evaluation:
– Sniffing of communication (RF layer sniffer, Android HCI dump), matching real packets with documentation,
– Replay attempts (including “pre-play” and “rolljam” attacks in case one-time keys used),
– Device spoofing, cloning BLE advertisement and services/characteristics,
– Excessive BLE GATT services/characteristics/descriptors,
– Remote relay, abuse of proximity auto-unlock (if available),
– “Man in the Middle” attacks, command injection, data tampering in communication between devices,
– Creating standalone malicious scripts to interact with a device via BLE,
– Logic errors in communication protocol,
– Authentication bypass,
– Invoke unauthorized commands as guest or unauthenticated attacker – for example reset device into factory mode, set new credentials,
– Identification of hidden, undocumented debug commands,
– Fuzzing input (invalid values, invalid length of fields, …),
– Bypass limited, temporary guest time restrictions,
– Verification of device firmware over the air update (DFU) process, firmware images signing/encryption,
– Attempts to flash malicious firmware, abuse DFU process,
– Possibilities for reverse-engineering firmware image, potentially storing hidden secrets that may be used to attack other users’ devices,
– Known security vulnerabilities of used components, including NRF SDK/softdevice,
– Conditions and possible remediation for Denial of Service attacks.
We believe that the key to effective device security testing is deep understanding of how it works and what technologies it is using. That’s why we are constantly updating our know-how by conducting our own research.
If you are interested in security testing of your devices use our contact form for a detailed quote. We will contact you to discuss your specific needs, application functionality and broader context, so the results of security testing will have the highest possible value for you.