Connected Devices Security

Connected Devices Security

Five minutes - the average time it takes for a connected device to be attacked once connected to Internet. Up to 25 billion new connected devices will be introduced within two years. Each one of them could be a new potential attack vector.

Connected Devices Security Truesec Services

How Do You Ensure Your Connected Devices Are Not a Security Risk for Your Company?

Let Truesec’s experienced security team evaluate the security of your connected devices to prevent an attacker from breaching your organization.  We use different approaches depending on the type of connected device you are using:

  1. Internet of Things
  3. Embedded devices


1. Internet of Things

This is a review of the device itself, to discover vulnerabilities in the firmware and list possible ways to extract secrets.  The communication from the device to the underlying gateway or Cloud is also reviewed to ensure it adheres to secured standards.  So-called Spoofing is conducted by impersonating the unit to see what can be manipulated.

Review Based on Communication

  • If the device communicates with a gateway, this communication will be reviewed in several ways.
  • If the device communicates with “the Cloud” potential vulnerabilities will be listed, how data is managed (GDPR), if there are open administrator interfaces or if, for example, there is proper multi-tenant separation.

Internet of Things devices can be inspected in different ways.  Truesec can help you test your devices in the following ways:


2. Industrial Control System (ICS)/Supervisory Control and Data Acquisition Systems (Scada)

ICS or Industrial Control System is a general term for monitoring and controlling processes in industries where the system often is implemented as a Scada system.  These systems have often a direct impact on the company’s operation if they are manipulated or being shut down which makes them a high-risk system.

During a security audit of an ICS/Scada system, the communication to governing units, such as PLC, is reviewed for how it is implemented and if there are any weaknesses that allow manipulation of this communication.  That the network separation is implemented to enable the devices to work on a secure system, is also something that normally is reviewed during a security audit on these types of systems.

ICS/SCADA devices can be inspected in different ways.  Truesec can help you test your devices in the following ways:


3. Embedded Devices

We can help you design, implement, review, and test security for embedded systems.  Truesec can help you test your embedded device in the following ways:

  • Review of System Architecture and Design
  • Threat Modeling
  • Secure Firmware Development
  • Firmware Code Review
  • Firmware Reverse Engineering
  • Board-level Hardware Reverse Engineering

We also conduct full white-box or black-box security tests of varying scopes.  Our team has worked with everything from tiny resource-constrained microcontrollers to powerful embedded Linux systems.

Common Points of Interest

  • Hardware-based Security Features
  • Secure Boot
  • Root of Trust
  • Device Provisioning
  • Firmware Updates
  • Secure Elements and Trusted Platform Modules
  • Mitigations Against Hardware Attacks (Fault Injection, Power Analysis etc.)
  • Trusted Execution Environments (Arm TrustZone, TrustZone-M, etc.)
  • Cryptography for Embedded Systems (Secure Communications and Data at Rest)


Haven't found what you are looking for?

Our team of experts loves questions.

Contact us

[mc4wp_form id="2129"]

Cookie Information
We use cookies for this website to work properly for you. By continue to navigate this website, you agree to this. Read more about cookies here and our Privacy Policies here.