Connected Device Security

Connected Device Security

Connected Device Security is a relatively new domain, and these devices are exposed to a large attack surface through their Wi-Fi, Bluetooth and proprietary RF connections. Connected devices are also vulnerable to attacks through mobile and web applications, or an interface controlled by a thick or thin client, and are at risk of physical hardware attacks targeting the electronics of the device.

Auditing these products require expert skills in a range of specific fields, such as radio signals, electronics, computer systems, network applications and cryptography.

At SSL247®, we are committed to ensuring that your devices, products, employees, clients, and business as a whole are secure from attacks.

In addition to security audits of your connected devices, we can conduct training and best practice advice on the security assessment of connected devices.

Qualys Logo

Request a quote

Methodology and Strategy

Depending on your devices and their attack surface, our teams will work together with you and your teams to develop an action plan and choose an aspect of your product to focus on (for example, testing the back-end environment that your product communicates with), or focusing on the product itself.

The methodology our teams employ for testing your infrastructure is similar to that of application and mobile tests. The aim is to attack all visible layers of the service.

When the tests focus on the product or device itself, there will be some differences in the methodology. The auditor will proceed as follows:

  • Analysis of communication between the device and the master infrastructure or other devices within a decentralised system (for example plug-ins of a home automation system).

  • Retrieval of information via electronic debugging ports (JTAG, UART, etc.) or extraction of the memory from various software chips.

  • Analysis / Reverse engineering of the embedded firmware from the moment it is recovered (for example, electronically or from the manufacturer's website).

These services may also interest you:

Penetration testing

Read more

Social Engineering and red team services

Read more

Security audits

Read more

Which solution is best for your organisation?

Our pentesters have created a tailor-made questionnaire to determine the best services to solve your problems and meet your needs.

Why choose SSL247®?

SSL247® has over 12 years of experience and expertise in the web security industry and numerous accreditations such as the EMEA Symantec Champion Award 2017 and the certification ISO 27001:2013.

Additionally, we have our own department specialised in penetration testing and security audits. Our team is composed of experts that are certified and well-known in the IT security arena (OSCP, OSCE et OPST).

Contact us

For more information on how our security services can benefit your business, get in touch with one of our accredited consultants:

null 020 3740 5676