A hardware security assessment tests the physical device itself rather than the software (OS and applications) running on it. A breach of the device can compromise availability, integrity, confidentiality, authentication and non-repudiation. Our assessment service covers a range of hardware products, including industrial control system (ICS) components such as sensors and programmable logic controllers (PLCs), point-of-sale (PoS) devices, automobiles, and embedded appliances deployed standalone or networked with other appliances.
Smart devices bring connectivity and communications to an ever-growing number of hardware products, and the hardware of these devices has to be secured along with their software.
Vulnerabilities can be present in hardware from the time of manufacture, and published research and disclosures on hardware breaches should be checked for the components in use. Any device that connects to the internet, even indirectly, should be protected and tamper-resistant; how stringent that protection must be depends on the sensitivity of the device and how it is used. Any device an attacker can physically access is exposed: its debug interfaces and storage can be reached directly, and it may leak critical information.
Breaching the Device through Hardware
There are several ways to get into a device and extract critical information, using the connectivity and interfaces the device exposes.
Reconnaissance
Gather all publicly available information on the device.
- Identify the device (vendor, model, hardware revision, regulatory filings such as FCC ID photos).
- Identify the components, e.g., the SoC and the flash ROM used in the device, and obtain their datasheets.
- Check which debug and peripheral interfaces the SoC supports.
Access through USB-like Interfaces
- Validate what data can be transferred through the USB port.
- Check whether USB debugging is enabled.
- If it is enabled, the device firmware can be read out and replaced easily.
- Validate whether an Android Debug Bridge (ADB) connection can be established, and whether it requires authorization.
Access through Board Interfaces (UART, JTAG, I2C, SPI) after Disassembly
All of these interfaces can give direct access to the firmware.
- Check whether UART pins or test pads are present on the board.
- Bypass any security applied to the UART console (disabled, password-protected or output-only console).
- Identify the baud rate through multiple methods (measuring the shortest pulse width on a logic analyser, or trying the standard rates until readable output appears).
- Check for JTAG pins, and whether the debug port is locked or fused off.
- Check for SPI or I2C pins and chips on the board.
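One of the baud-rate methods listed above, measuring the shortest pulse in a logic-analyser capture, as an added example (not code from the original page or from the assessment service). The capture is constructed in the script from a sample banner string; the banner text, the idle-bit padding and the standard-rate table are assumptions, and the decoder assumes an 8N1 line (the common configuration for an embedded console).

```python
"""Added example: infer a UART's baud rate from a logic-analyser capture, then
decode the bytes as 8N1 to confirm the guess. A real capture would be the list of
(timestamp_seconds, level) transitions exported from a logic analyser; here it is
constructed from a known string so the result can be checked."""
from bisect import bisect_right

# Rates worth trying on an unknown console; the measured rate is snapped to the nearest.
STANDARD_BAUDS = (1200, 2400, 4800, 9600, 19200, 38400, 57600,
                  115200, 230400, 460800, 921600)


def synthesize_edges(data: bytes, baud: int, idle_bits: int = 16):
    """Constructed capture: (time_s, level) at every transition of an 8N1 TX line.
    The line idles high; each frame is start(0), 8 data bits LSB first, stop(1)."""
    bits = [1] * idle_bits
    for byte in data:
        bits += [0] + [(byte >> i) & 1 for i in range(8)] + [1]
    bits += [1] * idle_bits
    period = 1.0 / baud
    edges = [(0.0, bits[0])]
    for i in range(1, len(bits)):
        if bits[i] != bits[i - 1]:
            edges.append((i * period, bits[i]))
    return edges


def estimate_baud(edges):
    """The shortest pulse between two transitions is (usually) one bit time.
    Returns (raw_baud, nearest_standard_baud, confidence). Confidence is the share
    of pulses whose width is an integer multiple of the shortest one; a low value
    means the capture is too short or has no single-bit pulses (e.g. only
    0x00/0xFF bytes), so the shortest pulse seen may be several bits wide."""
    gaps = [t1 - t0 for (t0, _), (t1, _) in zip(edges, edges[1:]) if t1 > t0]
    if not gaps:
        raise ValueError("capture contains no transitions")
    bit_time = min(gaps)
    raw = 1.0 / bit_time
    nearest = min(STANDARD_BAUDS, key=lambda b: abs(b - raw))
    aligned = sum(1 for g in gaps if abs(g / bit_time - round(g / bit_time)) < 0.1)
    return raw, nearest, aligned / len(gaps)


def decode_8n1(edges, baud: int):
    """Sample the captured line in the middle of each bit time. Returns
    (decoded_bytes, framing_errors); framing errors (stop bit not high) at a
    candidate rate are the usual sign that the rate is wrong."""
    period = 1.0 / baud
    times = [t for t, _ in edges]
    levels = [lvl for _, lvl in edges]

    def level_at(t: float) -> int:
        return levels[bisect_right(times, t) - 1]

    out, errors, i = bytearray(), 0, 0
    while i < len(edges):
        t0, lvl = edges[i]
        if lvl != 0:          # only a falling edge can begin a start bit
            i += 1
            continue
        byte = 0
        for bit in range(8):
            if level_at(t0 + period * (1.5 + bit)):
                byte |= 1 << bit
        if level_at(t0 + period * 9.5) == 1:
            out.append(byte)
        else:
            errors += 1
        frame_end = t0 + period * 9.5   # skip every edge inside this frame
        while i < len(edges) and edges[i][0] < frame_end:
            i += 1
    return bytes(out), errors


if __name__ == "__main__":
    banner = b"U-Boot 2020.10\r\n"          # constructed sample, not a real device
    capture = synthesize_edges(banner, 115200)
    raw, guess, conf = estimate_baud(capture)
    print(f"measured {raw:.0f} baud -> {guess} (confidence {conf:.2f})")
    print(decode_8n1(capture, guess))       # (b'U-Boot 2020.10\r\n', 0)
    print(decode_8n1(capture, 9600))        # garbage and/or framing errors
```

Once the rate is confirmed, the same console can be opened with any serial terminal (for example `screen /dev/ttyUSB0 115200` on a USB-TTL adapter). If confidence is low, capture a longer stretch of boot output so that single-bit pulses appear.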
Accessing and Dumping Firmware from Flash ROM (if present on board)
- Dump the firmware from the flash ROM (in-circuit or after removing the chip), and verify the dump by reading it more than once.
- Write modified firmware back to the flash ROM, to test whether the device verifies what it boots.
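The checks a tester runs on a fresh flash dump before handing it to an extraction tool, as an added example (not code from the original page or from the assessment service): compare two reads, map entropy per block to locate erased, plain and compressed or encrypted regions, look for common container headers, and pull printable strings. The 4 KiB block size, the signature table and the sample image built by `build_sample_image()` are assumptions; the image is constructed for the demo and no real device was dumped.

```python
"""Added example: first checks on a firmware image read from a flash ROM."""
import hashlib
import math
import random
import re
from collections import Counter

BLOCK = 4096  # sector size used for the maps below (assumption)

# Container/header magics frequently found in flash dumps.
SIGNATURES = {
    b"\x27\x05\x19\x56": "U-Boot legacy image header (uImage)",
    b"hsqs": "SquashFS, little-endian",
    b"\x1f\x8b\x08": "gzip stream (deflate)",
    b"\x7fELF": "ELF binary",
}


def sha256_hex(data: bytes) -> str:
    """Record this with the dump so later analysis can be tied to one image."""
    return hashlib.sha256(data).hexdigest()


def compare_dumps(a: bytes, b: bytes, block: int = BLOCK):
    """Dump twice, compare. Returns offsets of blocks that differ, or [-1] if the
    lengths differ. Any difference means a read glitch (bad clip contact, SPI clock
    too fast for flying leads) or a region the device rewrites between reads;
    re-dump until two reads match before trusting the image."""
    if len(a) != len(b):
        return [-1]
    return [off for off in range(0, len(a), block)
            if a[off:off + block] != b[off:off + block]]


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for a constant block, close to 8.0 for random data."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def classify(entropy: float) -> str:
    if entropy < 0.5:
        return "erased/padding"
    if entropy < 7.5:
        return "code, strings or filesystem metadata"
    return "compressed or encrypted"   # only a recognised header tells these apart


def entropy_map(img: bytes, block: int = BLOCK):
    """(offset, entropy, class) per block: where bootloader, kernel, filesystem
    and any encrypted partition sit. A high-entropy block with no known header
    nearby is the candidate for an encrypted region."""
    result = []
    for off in range(0, len(img), block):
        e = shannon_entropy(img[off:off + block])
        result.append((off, e, classify(e)))
    return result


def find_signatures(img: bytes):
    """Every occurrence of a known magic, sorted by offset."""
    hits = []
    for magic, name in SIGNATURES.items():
        pos = img.find(magic)
        while pos != -1:
            hits.append((pos, name))
            pos = img.find(magic, pos + 1)
    return sorted(hits)


def extract_strings(img: bytes, min_len: int = 6):
    """Printable-ASCII runs: boot arguments, config keys, credentials, URLs."""
    return re.findall(rb"[\x20-\x7e]{%d,}" % min_len, img)


def build_sample_image() -> bytes:
    """Constructed 20 KiB image: uImage header and env strings, two random
    ('encrypted') blocks, one erased block, one gzip-headed block. Seeded RNG so
    the result is reproducible; none of this came from a real device."""
    rng = random.Random(1)

    def rand(n: int) -> bytes:
        return bytes(rng.getrandbits(8) for _ in range(n))

    header = b"\x27\x05\x19\x56" + bytes(60)
    env_lines = (b"bootargs=console=ttyS0,115200 root=/dev/mtdblock3\x00"
                 b"bootcmd=nand read 0x82000000 0x100000 0x400000; bootm\x00"
                 b"root::0:0:root:/root:/bin/sh\x00")
    env = (env_lines * 40)[:BLOCK - 64].ljust(BLOCK - 64, b"\x00")
    return (header + env + rand(2 * BLOCK) + b"\xff" * BLOCK
            + b"\x1f\x8b\x08" + rand(BLOCK - 3))


if __name__ == "__main__":
    img = build_sample_image()
    print("sha256", sha256_hex(img))
    for off, e, cls in entropy_map(img):
        print(f"0x{off:06x} {e:5.2f} {cls}")
    print(find_signatures(img))
    print(extract_strings(img)[:3])
```

In practice the two reads come from the flash programmer (or from the chip after desoldering), and the entropy map is what tells you whether a block at a given offset is worth unpacking or is an encrypted partition that needs the key from elsewhere on the board.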
Bypassing the Security Parameters of the Device (e.g., Fingerprint)
- Identify the protocol the device uses (for example between the sensor and the host).
- Exploitation after reconnaissance.