The security risks relating to technology products are well recognised by regulated sectors such as financial services or telecoms. Organisations like these, with a mature understanding of cyber security will penetration test products to ensure that user security is not compromised.
But any company designing and manufacturing a product for the enterprise or SMB markets, whether it’s a printer, phone system or software application, should follow the same due diligence. This also applies to products going into peoples’ houses, consumer devices such as routers and set top boxes.
These problems are rapidly becoming more urgent, with the rush to exploit and secure the Internet of Things and the promise of billions of connected devices. It’s always easier to design in security from the beginning than to think about it only when customers have been hacked.
At Context, our product security evaluation service is designed to help you ascertain how well a product has been developed from a security perspective, and how well it will stand up to a wide range of threats. Whether it's your product, or one you're thinking about buying, using or recommending, we will attack it like a hacker would, to find any vulnerabilities and likely areas of weakness. Think of it as red-teaming a product.
We use a wide range of tools and techniques for analysing the security of a product, depending on the relevant threats and the scope of the test. These may include anything from the network, radio-frequency, hardware, firmware and software perspectives. Many of these evaluations include several different aspects, depending on the product and the agreed scope of the evaluation.
Some of the devices and systems we have worked on include:
- Consumer and enterprise networking equipment
- CCTV, smart locks and security alarm systems
- Consumer entertainment systems and mobile phones
- Enterprise IP telephony and teleconferencing equipment
- Industrial control systems, vehicles and high-assurance systems
- HVAC, building management and access control systems