Embedded Security Assessment
Embedded systems are computer systems that are integrated into a specific technical context. Typical tasks of embedded systems are monitoring and control as well as data and signal processing within larger mechanical or electrical systems.
While embedded systems are commonly used in industrial areas, they are becoming more and more prevalent in consumer products (e.g., in the smart home area) and often are equipped with connections to internal networks or the Internet. In this context, the terms Internet of Things (IoT) or cyber-physical systems (CPS) are often used to describe the connectivity of everyday objects. Typical use cases are as follows:
- Industry 4.0, Process IT (systems to control and monitor machines and facilities in the areas of production and logistics)
- Automotive (automobiles, control units, head units or combined instruments, sensor technology, driver assistance systems, etc.)
- Consumer products (smart home, office and network technology, multimedia systems, household appliances, home automation and monitoring, electronic fitness devices, etc.)
- Health and medical technology (clinical devices, systems to monitor patients and important body functions)
- Home automation and process control
Identification of vulnerabilities in IoT devices or other embedded systems with a risk assessment for specific threat scenarios
How secure is the embedded system and what can external attackers or malicious users and employees achieve in the worst case?
IoT devices or other embedded systems including hardware and interfaces
In an assessment of embedded systems, both the hardware and the software of the embedded system are analyzed and examined for existing vulnerabilities. Here, the auditor takes the position of an external attacker or of a privileged user. Examples of attack vectors range from reading out storage chips and man-in-the-middle attacks to the compromise of systems by exploiting vulnerabilities in exposed interfaces.
In general, the assessment aims at an examination that is as comprehensive as possible. However, depending on the type of application or system and the relevant threats, a risk-based approach is also possible (comparable to a). In this case, the focus is on particularly security-critical or exposed areas, and the scope of the test is determined by the time budget agreed upon in advance.
The embedded security assessment usually consists of the following parts:
- Analysis of hardware (e.g., data extraction from chips, access to debug and diagnostic interfaces)
- Analysis of firmware and operating systems together with existing update processes
- Analysis of specific security features (e.g., secure boot or HSM integration)
- Analysis of cryptographic methods (e.g., for encryption, signature verification, challenge-response procedures, or entropy of RNGs)
- Analysis of SoC-specific features (e.g., boot chain security, memory isolation, TEE isolation)
- Analysis of communication within the embedded system (e.g., data transfer between chips or processors)
- Analysis of communication with external components or backend services (e.g., via field buses, Bluetooth, NFC, Wi-Fi, or mobile connections)
- Analysis of passive and active side-channel attacks (e.g., power analysis or fault injection via power glitching)
- Analysis of the application layer (e.g., user inputs or backup functionality)
- Documentation, including a risk evaluation and proposed measures
As a result of the assessment, we will provide a detailed report. Depending on the type and scope of the project, the final report will include the following parts:
- Management summary with a description of the results and the security level
- Description of the project approach, scope, schedule and methodology
- Detailed description of identified vulnerabilities in order to understand underlying issues and to enable reconstruction of possible attacks (where necessary with proof-of-concept implementation)
- Detailed description of the iterative exploitation process when using chained vulnerabilities
- Risk assessment of identified vulnerabilities taking into account the IT environment or the application context (risk classification: low, medium, high, critical)
- Description of measures to remedy the vulnerabilities
- If necessary, a description of higher-level strategy, concept and process-related measures or optimization suggestions