Device Testing

Device security poses unique challenges like limited processing power, a complex stack of technologies and attacks against physical interfaces. Our team has years of experience and developed a holistic testing metholodolgy, starting from accurate threat modelling.

“Our goal is to make the digital lives of millions of people more secure.”

Threat modelling

We accurately determine a device’s threat model, gaining an understanding of how it is used, what data it handles, and the realistic attack vectors.

Flexible security testing

No matter what technologies were used to build it, we can identify the issues in the security critical parts of a device by performing code reviews, reverse engineering, and debugging.

Support

We support our clients with mitigation suggestions for the issues we’ve discovered and answer any questions that may arise during implementation.

Our Approach

A device test executes in five steps

1 Information gathering

Provided firmware, documentation
OSINT
Explore device physical interfaces; functionality

2 Threat modelling

Decompose device stack
Determine and rank threats based on incentive, strengthened by damage it may cause, versus effort to exploit

Threat modelling is what we base our test on. We continuously adjust the threat model as we develop a better understanding of the device.

3 Artifact analysis

Firmware analysis
Scan device surface
Develop understanding of security critical functionality
Deep component exploration, reverse engineering

4 Vulnerability exploitation

Try attack ideas generated at the artifact analysis step
Develop Proof of Concept

5 Collect and report vulnerabilities

Create findings report
Specify risk and mitigation suggestion for each finding

Why it matters

Devices have become a part of our life. Whether it’s IP cameras, connected car adapters, SIM card vending machines, smart phones, or routers, security issues in them can lead to movie-like invasions of privacy, identity theft, fraud, information leaks, and more.

We perform a holistic security assessment identifying all relevant risks to our clients and to the end users, and we help mitigate them.

Our research

Some ideas generated while testing one device proved interesting for a larger group of devices. This has lead to us writing state of the art tooling, and creating cutting edge research.

Research done by our team like BadUSB and our Android patch analysis tool can be found on our blog.

Explore more

aLL articles

Smarter is not always wiser: How we hacked a smart payment terminal

blockchain

concept

hacking projects

15/8/2022

The Android ecosystem contains a hidden patch gap

No items found.

2/6/2021

The Android patch ecosystem – Still fragmented, but improving

No items found.

2/6/2021

Device Testing

“Our goal is to make the digital lives of millions of people more secure.”

Threat modelling

Flexible security testing

Support

Our Approach

A device test executes in five steps

1

Information gathering

2

Threat modelling

3

Artifact analysis

4

Vulnerability exploitation

5

Collect and report vulnerabilities

Why it matters

Our research

Some ideas generated while testing one device proved interesting for a larger group of devices. This has lead to us writing state of the art tooling, and creating cutting edge research.Research done by our team like BadUSB and our Android patch analysis tool can be found on our blog.

Explore more

Smarter is not always wiser: How we hacked a smart payment terminal

The Android ecosystem contains a hidden patch gap

The Android patch ecosystem – Still fragmented, but improving

Some ideas generated while testing one device proved interesting for a larger group of devices. This has lead to us writing state of the art tooling, and creating cutting edge research.

Research done by our team like BadUSB and our Android patch analysis tool can be found on our blog.