Embedded Systems Assessment
Embedded systems are computer systems that are integrated into a specific technical context. Typical tasks of embedded systems are monitoring or controlling as well as data and signal processing in the context of larger mechanical or electrical systems.
While embedded systems are commonly used in industrial areas, they are becoming more and more prevalent in consumer products and often are equipped with connections to internal networks or the Internet. In this context, the terms Internet of Things (IoT) or cyber-physical systems (CPS) are often used to describe the connectivity of everyday objects. In the industrial domain, the term Industry 4.0 describes the increasing automation and interconnection of production facilities and logistics.
With the growing interconnectivity of embedded systems, several new threats and security risks arise for operators and users of these systems. In an assessment of embedded systems, these threats are analyzed and evaluated from the perspective of an attacker.
Depending on the assessed systems, the following activities are conducted as part of the analysis:
- Analysis of Hardware (e.g., data extraction from chips, access to debug interfaces).
- Analysis of communication within the embedded system (e.g., data transfer between chips or processors).
- Analysis of communication with external components or backend services (e.g., via fieldbuses, Bluetooth, Wi-Fi, or mobile connections).
- Analysis of firmware and firmware update processes.
As a result of the analysis, you will receive a comprehensive assessment of identified security risks. The mitigation of these risks is supported by a detailed description of proposed measures.
Typical objects for assessments are:
- Industry 4.0, process IT (systems for controlling and monitoring of machines and facilities)
- Automotive (electronic control units, vehicle sensors, fieldbuses, etc.)
- Consumer products (office and nework devices, multimedia devices, domestic appliances, etc.)
- Building automation as well as instrumentation and control systems