Surprise! Your Smart Devices Can't Outsmart Hackers

A smart device security test is the ultimate way to discover risks within your IoT and embedded products.

This comprehensive security test analyzes your product from the chip and firmware to radio communication, mobile applications, web applications and cloud environments. Each component is analyzed individually and together with its integration points to provide a thorough assessment of how your product could be hacked. We do this so you can better understand how your product could be reverse engineered to steal intellectual property, hacked to do things it wasn't intended to do or leak your customer data.

Smart Device Security Testing Process

Our process begins with a threat modeling session to determine where the highest likelihood for attacks lies. Then we take a deep dive into your entire system — in full attack mode — to put our theories to the test. Read on to learn more about our process.

  • Recon

    Recon

    The first step is perhaps the most important one in a successful security test. We perform reconnaissance and look around for anything that will help us establish a foothold into your system. We dig through FCC filings, marketing materials, blog posts, and user manuals, looking for details about the components that were used, communication protocols, hardcoded or default credentials, and other useful data.

    We also will tear the device down to the board and look for exposed test points, memory modules, SD card slots, or accessible ports (USB, network, serial, PS/2, VGA, HDMI, etc). Logic analyzers, oscilloscopes and other test equipment will be used to inspect each pin, pad and test point. We'll test your device by putting it through its normal use while it's hooked-up to our smart device interception lab. Your devices will be scanned for running services and network activity will be analyzed.

  • Threat Modeling

    Threat Modeling

    Now that we have additional information from our recon phase, we conduct another round of threat modeling to adjust our plan of attack. It's not unusual to hear one thing from an engineering team in the initial round of threat modeling and then find out something has changed in the spec once we do our own round of recon. For example, we've encountered statements like, "our system doesn't have Bluetooth capabilities," but our recon showed that Bluetooth was active and listening!

  • Vulnerability Discovery

    Vulnerability Discovery

    This is where the testing gets intense! We combine the knowledge we gained during the recon phase with our attack plan from threat modeling and begin to raid your system using the same techniques hackers might use. We'll attempt to connect to debugging test points to access memory and look for embedded secrets or extractable firmware. If we can get access to the firmware directly from the board or through intercepting over-the-air (OTA) firmware updates, we'll drill down into coding weaknesses, cloud access keys, security certificates, hardcoded credentials, backdoors and encryption keys.

    We'll also analyze every service running on the device and look for weaknesses by intercepting all network and RF communication (BLE, Zigbee, sub-GHz, infrared, and others). We apply our robust methodology towards mobile security and application security testing as well.

  • Exploitation

    Exploitation

    Once weaknesses are discovered, we use custom-developed and off-the-shelf exploit code to dig deeper into the system. This often provides access to areas never intended for public use, which leads to the discovery of additional vulnerabilities.

  • Why We Are The Experts

    Why We Are The Experts

    Our comprehensive approach to embedded device security testing provides you with the best real-world view of the risks your products might pose to your organization and your customers. Our consultants not only have extensive experience hacking smart devices and embedded systems of all types, but they also have experience building embedded systems which gives us a unique perspective.

    We've also been asked to speak about smart device security at events such as the Embedded Systems Conference, Smart Manufacturing Summit, Madison Security Group, Embedded Online Conference and private Fortune 100 engineering team workshops.

    Recent Speaking Engagements

    Internet of Insecure Things: Embedded Systems Through the Eyes of a Hacker
    Embedded Systems Conference: Boston 2019 »
    Embedded Systems Conference: Silicon Valley 2019 »
    Embedded Systems Conference: Minneapolis 2018 »


    Panel: Hacking the Autonomous Vehicle
    Embedded Systems Conference: Silicon Valley 2019 »


    Leveraging IIoT without Compromising Data Privacy or Cyber Security
    Smart Manufacturing Summit 2018 »


    IoT Hacks: Behind the Scenes
    Embedded Online Conference 2020 »

  • Key Deliverables

    Key Deliverables

    A smart device security assessment from Fracture Labs includes:

    • A complete tear-down of your device including de-chipping, memory extraction and debug test point analysis. We use oscilloscopes, logic analyzers, serial connectors, FTDI cables, debuggers, and programmers to provide a thorough analysis of the hardware risks.
    • An in-depth analysis of network traffic, API calls and local storage — looking for security weaknesses
    • Exploitation attempts against potential weaknesses to better demonstrate the risk each poses to your organization
    • A detailed report highlighting vulnerabilities, exploitation proof-of-concept attacks, remediation recommendations, and prioritization guidance so that you can fix the issues before an attack.

    Stuff happens. With an ongoing onslaught of hacks, malware and viruses targeting your network, it's easy to overlook something. That's why unlike other providers, we work with your engineers and devops to implement solutions. We outline and prioritize the list of fixes so that your developers can spend their time making repairs and not sifting through paperwork. Contact us to discuss your smart device security testing project today.

  • Success Stories

    Success Stories

    Learn how we've helped our valued clients improve their security posture and mitigate risk by leveraging the power of smart device security testing.

    We were able to access internal network assets including sensitive customer and employee information by connecting to an organization through a smart light.


    We discovered a weakness in a consumer home security camera system that allowed an attacker to take control over the video feeds and alerts for all customers.


    We uncovered embedded AWS secret keys in a smart home device that provided access to all customer information stored in the cloud.


    We gained complete control of all lighting capabilities in a municipal lighting system by sending a custom exploit.


    We discovered vulnerabilities that could be attacked remotely, allowing a hacker to take complete control of smart device controllers through the analysis of intercepted firmware update files.


    We were able to gain console access to a smart device controller which allowed for the successful bypass of the bootloader, resulting in complete control of the device by re-soldering broken UART connections.


    We were able to intercept unencrypted firmware and create backdoored malicious firmware that could be used to silently infect a victim user and provide persistent access to the victim internal network by chaining a series of weaknesses across two smart devices, the mobile application, and cloud APIs.


    We successfully partnered with a smart-device company to improve the security of their products from the design phase, rather than after development and manufacturing by completing a series of penetration tests that exposed weaknesses and guided the engineering team on how to fix them. Through lessons learned, the maturity of the organization's security protocols has grown exponentially (and continues to) with every completed pen test.

From the blog

Check out our blog to get the latest infosec how-to articles, best practices and strategies written by our offensive security experts. Cyber crime isn't going anywhere, so stay informed and on top of it!

Big Breaks Come From Small Fractures.

You might not know how at-risk your security posture is until somebody breaks in . . . and the consequences of a break in could be big. Don't let small fractures in your security protocols lead to a breach. We'll act like a hacker and confirm where you're most vulnerable. As your adversarial allies, we'll work with you to proactively protect your assets. Schedule a consultation with our Principal Security Consultant to discuss your project goals today.