Device Security Testing

Whether you’re building a new device or enhancing an existing one, our comprehensive security testing approach ensures that the product is resilient, compliant, and ready to be connected to a constantly changing digital landscape.

Our services

Through the Device Security Testing service, intWave performs a holistic security assessment to a device (or device component).

The testing involves:

  • Device teardown and hardware reverse engineering
  • Peripheral Interface security inspection
  • Debug / Programming Interface inspection
  • Firmware extraction and analysis
  • Data extraction and analysis
  • Security Testing of custom code, bare metal firmware, embedded OS, middleware, libraries and frameworks
  • Wired & Wireless communications inspection

Deliverables

  • Detailed Security Assessment (and retest) report consisting of
    • An Executive Summary
    • A Walkthrough describing how the assessment was conducted with demonstrations of findings and proof-of-concept attacks
    • A detailed description of identified vulnerabilities with clear reproduction steps
    • Vulnerability impact & risk analysis
    • Detailed vulnerability resolution recommendations
  • Letter of Assessment

Other related services

  • Source Code Auditing to identify even more vulnerabilities in the product firmware source code.
  • Web, Mobile or Desktop Application Security Testing to examine the security of Companion Applications and Backend systems in the product ecosystem.
  • Secure Product Design to help implement new secure-by-design mechanisms.
  • Security R&D to obtain prototypes of non-trivial security features in hardware or software.
  • Product Security Documentation such as a Security Architecture document, that assists in product development, marketing and customer procurement processes.
  • Secure Development Training to further educate on vulnerability patterns that were identified during testing.

Benefits

  • Discovery of vulnerabilities in the whole product stack (enclosure, electronics, embedded firmware and communications).
  • Security testing using advanced techniques (e.g. reverse engineering, fuzz testing, fault injection, static / dynamic analysis, emulation & rehosting).
  • Examination of product security controls with reference to regulatory requirements and industry standards.
  • Remediation of security vulnerabilities through expert guidance.
  • Efficient project management with bi-weekly updates and integration with client task management tools.
  • Prevention of reputational and financial damage arising from cyber risks.
Read More
Schedule a meeting