Hardware and IoT Device Security Assessment
The TrustedSec Hardware Assessment service provides cyber-attack simulations using real-world tactics, techniques and procedures (TTPs). The assessment can employ specific goals or blended threat scenarios to test the effectiveness of the hardening procedures before or even after deployment. Devices can include both client-developed and third-party-provided hardware.
A Hardware Assessment can employ a variety of tactics to assess your information security defenses by manipulating devices in ways they were never intended to be used. This can provide better insight into potential attack vectors that were previously not considered.
With TrustedSec, you can:
- Evaluate the effectiveness of your application development as it relates to hardware devices.
- Vet the security controls of third-party devices.
- Evaluate the device hardening process.
- Ensure unused/unwanted ports and/or protocols do not compromise the device security.
- Determine if sensitive data is stored on or transmitted from the device unencrypted.
Hardware Assessments can include:
- Embedded Appliances – Attack special-purpose computing hardware deployed in networked or standalone environments. Vectors include physical interaction, network connections, GPIO interfaces, serial ports, firmware dumping, etc.
- Automobiles – Evaluate the effectiveness of the vehicle communication firewall, if present. Perform evaluation and potential attacks via CAN bus, TPM sensors, keyfob/remote start, Bluetooth, USB, and WiFi input points.
- Point of Sale (POS) – Attack POS terminals, back-of-house systems, payment PIN pads, and network. Vectors include physical interaction, network connections, application escape, etc.
- Internet of Things (IoT) – Attack sensors and “smart devices” used to automate and monitor everyday work/living environments. Network vectors include TCP/IP, ZigBee, Z-Wave, and specialized RF communication.
- Industrial Control Systems (ICS) – Attack special-purpose hardware (PLC, sensors, etc.) designed for process control and automation, commonly found in manufacturing, utility ops, etc.
Author: David Kennedy
Security expert, keynote speaker, avid gamer and the go-to for protecting companies from threats.