Our customized threat modeling identifies vulnerabilities within your security posture that put your most valuable organizational and client data — the crown jewels — at risk.
Our security audits and vulnerability assessments are based on industry standards and best practices to assess weaknesses in your cloud environment and network, as well as mobile and web-based apps.
Our sophisticated testing services delve into your network, smart devices and other systems to expose critical security deficiencies.
A smart device security test is the ultimate way to discover risks within your IoT and embedded products.
This comprehensive security test analyzes your product from the chip and firmware to radio communication, mobile applications, web applications and cloud environments. Each component is analyzed individually and together with its integration points to provide a thorough assessment of how your product could be hacked. We do this so you can better understand how your product could be reverse engineered to steal intellectual property, hacked to do things it wasn't intended to do, or made to leak your customer data.
Our process begins with a threat modeling session to determine where the highest likelihood for attacks lies. Then we take a deep dive into your entire system — in full attack mode — to put our theories to the test. Read on to learn more about our process.
The first step is perhaps the most important one in a successful security test. We perform reconnaissance and look around for anything that will help us establish a foothold into your system. We dig through FCC filings, marketing materials, blog posts, and user manuals, looking for details about the components that were used, communication protocols, hardcoded or default credentials, and other useful data.
We will also tear the device down to the board and look for exposed test points, memory modules, SD card slots, or accessible ports (USB, network, serial, PS/2, VGA, HDMI, etc.). Logic analyzers, oscilloscopes and other test equipment will be used to inspect each pin, pad and test point. We'll test your device by putting it through its normal use while it's hooked up to our smart device interception lab. Your devices will be scanned for running services, and network activity will be analyzed.
Now that we have additional information from our recon phase, we conduct another round of threat modeling to adjust our plan of attack. It's not unusual to hear one thing from an engineering team in the initial round of threat modeling and then find out something has changed in the spec once we do our own round of recon. For example, we've encountered statements like, "our system doesn't have Bluetooth capabilities," but our recon showed that Bluetooth was active and listening!
This is where the testing gets intense! We combine the knowledge we gained during the recon phase with our attack plan from threat modeling and begin to raid your system using the same techniques hackers might use. We'll attempt to connect to debugging test points to access memory and look for embedded secrets or extractable firmware. If we can get access to the firmware directly from the board or through intercepting over-the-air (OTA) firmware updates, we'll drill down into coding weaknesses, cloud access keys, security certificates, hardcoded credentials, backdoors and encryption keys.
We'll also analyze every service running on the device and look for weaknesses by intercepting all network and RF communication (BLE, Zigbee, sub-GHz, infrared, and others). We apply our robust methodology towards mobile security and application security testing as well.
Once weaknesses are discovered, we use custom-developed and off-the-shelf exploit code to dig deeper into the system. This often provides access to areas never intended for public use, which leads to the discovery of additional vulnerabilities.
Our comprehensive approach to embedded device security testing provides you with the best real-world view of the risks your products might pose to your organization and your customers. Our consultants not only have extensive experience hacking smart devices and embedded systems of all types, but they also have experience building embedded systems, which gives us a unique perspective.
We've also been asked to speak about smart device security at events such as the Embedded Systems Conference, Smart Manufacturing Summit, Madison Security Group, Embedded Online Conference and private Fortune 100 engineering team workshops.
Internet of Insecure Things: Embedded Systems Through the Eyes of a Hacker
Embedded Systems Conference: Boston 2019
Embedded Systems Conference: Silicon Valley 2019
Embedded Systems Conference: Minneapolis 2018
Panel: Hacking the Autonomous Vehicle
Embedded Systems Conference: Silicon Valley 2019
Leveraging IIoT without Compromising Data Privacy or Cyber Security
Smart Manufacturing Summit 2018
IoT Hacks: Behind the Scenes
Embedded Online Conference 2020
A smart device security assessment from Fracture Labs includes:
Stuff happens. With an ongoing onslaught of hacks, malware and viruses targeting your network, it's easy to overlook something. That's why, unlike other providers, we work with your engineers and devops to implement solutions. We outline and prioritize the list of fixes so that your developers can spend their time making repairs and not sifting through paperwork. Contact us to discuss your smart device security testing project today.
Learn how we've helped our valued clients improve their security posture and mitigate risk by leveraging the power of smart device security testing.
We were able to access internal network assets including sensitive customer and employee information by connecting to an organization through a smart light.
We discovered a weakness in a consumer home security camera system that allowed an attacker to take control over the video feeds and alerts for all customers.
We uncovered embedded AWS secret keys in a smart home device that provided access to all customer information stored in the cloud.
We gained complete control of all lighting capabilities in a municipal lighting system by sending a custom exploit.
Through the analysis of intercepted firmware update files, we discovered vulnerabilities that could be attacked remotely, allowing a hacker to take complete control of smart device controllers.
By re-soldering broken UART connections, we were able to gain console access to a smart device controller, which allowed for the successful bypass of the bootloader, resulting in complete control of the device.
By chaining a series of weaknesses across two smart devices, the mobile application, and cloud APIs, we were able to intercept unencrypted firmware and create backdoored malicious firmware that could be used to silently infect a victim user and provide persistent access to the victim's internal network.
We successfully partnered with a smart-device company to improve the security of their products from the design phase, rather than after development and manufacturing, by completing a series of penetration tests that exposed weaknesses and guided the engineering team on how to fix them. Through lessons learned, the maturity of the organization's security protocols has grown exponentially (and continues to) with every completed pen test.
Check out our blog to get the latest infosec how-to articles, best practices and strategies written by our offensive security experts. Cyber crime isn't going anywhere, so stay informed and on top of it!
Are you wondering how to get started with embedded device security testing and what tools are needed for hardware hacking? Whether you are trying to reverse engineer and hack an embedded system or are looking to make modifications to an IoT device, part one of our Hardware Hacking Lab series will introduce you to some of the physical tools we rely on most to perform our smart device security assessments. Look for additional posts later that will walk through the hardware and software tools needed to get started.
The recent wave of WannaCry ransomware attacks has shed a lot of public light on the Windows SMB remote code execution vulnerability patched by MS17-010 and has fortunately resulted in organizations applying the security update to prevent further infections. While much of the focus has been on patching desktops and servers, it’s easy for many organizations to continue to neglect devices running the Windows Embedded 7 OS.
The level of knowledge sharing that takes place within infosec is amazing! Many security researchers take time to publish their scripts, tips, successes, and failures on Twitter for all to see, so as a security professional, it’s important to learn how to effectively use Twitter to hone your craft.
Red teamers can learn new tactics, techniques, and procedures (TTPs) by following other red teamers. Blue teamers can learn new detections or preventative controls published by other blue teamers.
You might not know how at-risk your security posture is until somebody breaks in . . . and the consequences of a break-in could be big. Don't let small fractures in your security protocols lead to a breach. We'll act like a hacker and confirm where you're most vulnerable. As your adversarial allies, we'll work with you to proactively protect your assets. Schedule a consultation with our Principal Security Consultant to discuss your project goals today.
© 2020 FRACTURE LABS, LLC ALL RIGHTS RESERVED