Connected Devices Security

Connected Devices Security

Five minutes - the average time it takes for a connected device to be attacked once connected to Internet. Up to 25 billion new connected devices will be introduced within two years. Each one of the them could be a new potential attack vector.

Connected Devices Security Truesec Services

How do you ensure your connected devices are not a security risk for you company?

Let Truesecs experienced security team evaluate the security of your connected devices to prevent an attacker from breaching your organization. We use different approaches regarding what type of connected device you are using:

  1. Internet of Things
  2. ICS/SCADA
  3. Embedded devices

 

1. Internet of Things

Review of the device itself, to discover vulnerabilities in the firmware and list possible ways to extract secrets. The communication from the device to the underlying gateway or cloud is also reviewed to make sure it meets up with secured standard. So called Spoofing is made through impersonation to pretend to be the unit and see what we can manipulated.

Review based on communication

  • if the device communicates with a gateway, this communication will be reviewed in different ways.
  • if the device communicates with “the cloud” potential vulnerabilities will be listed, how data is managed (GDPR), if there are open administrator interfaces or if, for example, there is proper multi-tenant separation.

Internet of Things devices can be inspected in different ways. Truesec can help you test your devices in the following ways:

 

2. Industrial Constrol System (ICS)/Supervisory Control & Data Acquisition Systems (Scada)

ICS or Industrial control system is a general term for monitoring and controlling processes in industries where the system often is implemented as Scada systems. These systems have often a direct impact on the company’s operation if they are manipulated or being shut down which make them a high-risk system.

During a security audit of an ICS/Scada system, the communication to governing units, such as PLC, is reviewed for how it is implemented and if there are any weaknesses that allows to manipulate this communication. That network separation is implemented to enable the devices to work on a secure system is also something that normally is reviewed during a security audit on these types of systems.

ICS/SCADA devices can be inspected in different ways. Truesec can help you test your devices in the following ways:

 

3. Embedded devices

We can help you design, implement, review and test security for embedded systems. Truesec can help you test your embedded device in the following ways:

  • Review of system architecture and design
  • Threat modeling
  • Secure firmware development
  • Firmware code review
  • Firmware reverse engineering
  • Board level hardware reverse engineering

We also do full whitebox or blackbox security tests of varying scope. And the team have worked with everything from tiny resource-constrained microcontrollers up to powerful embedded Linux systems.

Common points of interest

  • Hardware based security features
  • Secure boot
  • Root of trust
  • Device provisioning
  • Firmware updates
  • Secure elements and Trusted Platform Modules
  • Mitigations against hardware attacks (fault injection, power analysis etc.)
  • Trusted Execution Environments (Arm TrustZone, TrustZone-M etc.)
  • Cryptography for embedded systems (secure communications and data at rest)

 

Haven't found what you are looking for?

Our team of experts loves questions.

Contact us

Cookie Information
We use cookies for this website to work properly for you. By continue to navigate this website, you agree to this. Read more about cookies here and our Privacy Policies here. 

Subscribe to our mailing list!



Email address:


I have read and agree to the terms & conditions

You can change your mind at any time by clicking the unsubscribe link in the footer of any email you receive from us, or by contacting us at info@truesec.com. We will treat your information with respect. For more information about our privacy practices please visit our website. By clicking below, you agree that we may process your information in accordance with these terms. We use Mailchimp as our marketing platform. By clicking below to subscribe, you acknowledge that your information will be transferred to Mailchimp for processing. Learn more about Mailchimp's privacy practices here.