Our product security assessment service is designed to help you ascertain how well a product has been developed from a security perspective and the level to which it might stand up to relevant cyber threats.
Whether it's your product, or one you're thinking about buying, using or recommending, we'll attack it like a hacker would, to find any obvious vulnerabilities and likely areas of weakness.
Examples of products we can test:
- Embedded systems such as routers, printers, storage devices
- Enterprise VPN solutions,
- Enterprise mobile applications,
- Vehicle trackers
- Mobile and IoT products that have a security implication
Product security testing
This service is designed to deliver the level of assurance for the appropriate threats. It is not a full product assurance process, which can take many weeks (if you do want that, or want to sell to UK Government, look into CPA or CTAS), but a way of achieving a pragmatic measure of assurance in the security of a product.
Each assessment is tailored to the product and to your requirements. We will work with you to determine a suitable scope for the evaluation, taking into account the likely threat to the product and the impact of a breach in security.
Features of our product security testing service:
- Hardware teardown
- Firmware dumping and boot process modification
- Firmware analysis and firmware update protections
- Device configuration and storage protection
- Network protocol testing
- Bluetooth testing
- Web server fuzzing and crash analysis
- Open investigation
Our experience in pen testing hardware products
Our Research team have a real mix of skills and experience, but share a core set of reverse engineering, vulnerability research and software development skills.
Previous customers include global technology vendors, corporate and government organisations.
As we won’t discuss previous customer tasks, here are some examples of what we've found in other commercial products that we investigated for our own research:
- Turning a BLE stuffed toy into an espionage device
- Hacking an Android based video-conference phone
- Breaking Android phones with an SMS
- Reverse engineering an outdoor cloud security camera to steal secrets, including the home network’s Wi-Fi password
- Disabling a smart burglar alarm
- Hacking into internet connected light bulbs
- Hacking a wireless printer
Download our Product Security and Evaluation fact sheet for more information.
