Embedded Systems Assessment

Em­bed­ded sys­tems are com­puter sys­tems that are in­te­grated into a spe­cific tech­ni­cal con­text. Typ­i­cal tasks of em­bed­ded sys­tems are mon­i­tor­ing or con­trol­ling as well as data and sig­nal pro­cess­ing in the con­text of larger me­chan­i­cal or elec­tri­cal sys­tems. 
While em­bed­ded sys­tems are com­monly used in in­dus­trial areas, they are be­com­ing more and more preva­lent in con­sumer prod­ucts and often are equipped with con­nec­tions to in­ter­nal net­works or the In­ter­net. In this con­text, the terms In­ter­net of Things (IoT) or cyber-physical systems (CPS) are often used to de­scribe the con­nec­tiv­ity of every­day ob­jects. In the industrial domain, the term Industry 4.0 describes the increasing automation and interconnection of production facilities and logistics.
With the growing interconnectivity of embedded systems, several new threats and security risks arise for operators and users of these systems. In an assessment of embedded systems, these threats are analyzed and evaluated from the perspective of an attacker
Depending on the assessed systems, the following activities are conducted as part of the analysis:
  • Analysis of Hardware (e.g., data extraction from chips, access to debug interfaces).
  • Analysis of communication within the embedded system (e.g., data transfer between chips or processors).
  • Analysis of communication with external components or backend services (e.g., via fieldbuses, Bluetooth, Wi-Fi, or mobile connections).
  • Analysis of firmware and firmware update processes.

As a result of the analysis, you will receive a comprehensive assessment of identified security risks. The mitigation of these risks is supported by a detailed description of proposed measures.

Typical objects for assessments are:

  • Industry 4.0, process IT (systems for controlling and monitoring of machines and facilities)
  • Automotive (electronic control units, vehicle sensors, fieldbuses, etc.)
  • Consumer products (office and nework devices, multimedia devices, domestic appliances, etc.)
  • Building automation as well as instrumentation and control systems