Riscure Device Penetration testing is tailored to the needs of embedded device manufacturers who would like to evaluate risks of an actual attack in-the-wild. Based on our strong expertise in both software and hardware security, Riscure continuously innovates to take in account the constantly evolving security landscape, as well as the customer needs. This service can be delivered in one of the three packages so that you can tailor the evaluation depth and budget to your needs. Please select the options in the form below and feel free to get in touch with us, should you have any questions.
What do you get?
The penetration testing will result in a list of findings, which gives an indication how your product stands against known and emerging attacks. It allows you to develop fixes or mitigations, when deemed required, to prevent any exploitation in the field that could impact your business.
Beyond improving the security of your current product, Riscure can also advise on further technical improvements. The provided input helps to raise security awareness among the developers and support security stakeholders on decision-making and risk-managing processes.
Riscure differentiates itself from other labs with its extensive knowledge on embedded and chipset security and by performing thorough and innovative security evaluations in an efficient manner. Based on the effectiveness of our service, customers frequently come back to us to build a long term relationship. We are fully capable of exceeding the customers expectations due to our extensive expertise in hardware and software security, advanced hardware and software penetration testing skills and state-of-the-art security test tools.
The penetration testing starts with information gathering to understand the target, threat model and attack mitigation mechanisms. This is followed by the testing of the target which can include logical, fault injection and side channel attacks, depending on the customer needs. As logical attacks are usually more scalable, they will get higher attention unless you give them a lower priority. In order to compromise the integrity, confidentiality or availability of the assets, we typically probe input interfaces, attempt to reverse engineer the code, bypass any existing protection measures such as Secure Boot implementation, memory or firmware encryption, firmware update authentication, etc.