Connected Device Security
What is Connected Device (Internet of Things, or IoT) Security?
Connected Device Security is a relatively new domain, and these devices are exposed to a large attack surface through their Wi-Fi, Bluetooth and proprietary RF connections. Connected devices are also vulnerable to attacks through mobile and web applications, or an interface controlled by a thick or thin client, and are at risk of physical hardware attacks targeting the electronics of the device.
Auditing these products require expert skills in a range of specific fields, such as radio signals, electronics, computer systems, network applications and cryptography.
At SSL247®, we are committed to ensuring that your devices, products, employees, clients, and business as a whole are secure from attacks.
In addition to security audits of your connected devices, we can conduct training and best practice advice on the security assessment of connected devices.
Methodology and Strategy
Depending on your devices and their attack surface, our teams will collaborate with yours to develop an action plan and determine the testing target — for example, testing the connected device itself or testing the back-end environment that your device communicates with.
The methodology our teams employ for testing your infrastructure is similar to that of application and mobile tests.
The aim is to attack all visible layers of the service.
Tests that focus speficially on the device itself will be conducted as follows:
- Analysis of communication between the device and the master infrastructure or other devices within a decentralised system (for example plug-ins of a home automation system).
- Retrieval of information via electronic debugging ports (JTAG, UART, etc.) or extraction of the memory from various software chips.
- Analysis / Reverse engineering of the embedded firmware from the moment it is recovered (for example, electronically or from the manufacturer's website).
Why choose SSL247®?
SSL247® have accredited experts with over 15 years' experience in the security industry and have achieved a variety of accreditations, including the EMEA Symantec Champion Award 2017 and ISO 9001:2015 and ISO 27001:2013.
Responsive and flexible
Our accredited security consultants and certified pentesters are here to respond and advise you on the most appropriate approach to follow.
All our consultants and auditors are regularly trained by third-party organisations to be kept informed about the latest vulnerabilities and attack techniques.
Our consultants hold the following certifications, amongst others: OSCP (Offensive Security Certified Professional), OSCE (Offensive Security Certified Expert) and OPST (OSSTMM Professional Security Tester).