Tune into our first episode of Tool Talk: a how-to series for hackers. REGISTER ›

Protecting Devices & Products We Love

IoT & Product Security Reviews

Our Product Security Reviews put hardware and software under the microscope, conducting binary and protocol analysis, reverse engineering, fuzzing, and physical manipulation that uncovers critical security weaknesses.

IoT & Product Security Review

Verify the security of your IoT and embedded devices.

Whether your product is an Industrial Control System (ICS) or an IoT device, a Product Security Review (PSR) can help you avoid costly hardware revisions and security mistakes in embedded systems. Our experts review devices down to the chip level to identify vulnerabilities in accordance with industry standards such as the OWASP IoT Top Ten. We also review the security of firmware, including the firmware update process, to identify gaps that could lead to your products being used in botnets or taken over by ransomware.

Our PSR service can be bundled or combined with any of our other services to add coverage depth or deeper analysis where required.

Product Security Review highlights:

  • Discover hidden data exposures: We identify sensitive data exposure in channels outside of those normally tested. For example, our consultants have identified a lack of encryption on the Bluetooth Low Energy (BLE) transmissions of a medical device that could lead to an attacker issuing commands or recovering protected health information (PHI).
  • Cutting-edge laboratory: Our laboratory equipment and proven hardware testing methodologies allow us more time for testing and eliminates traditional delays in testing physical devices, resulting in a more thorough assessment than our competitors'.
  • Domain expertise: We have a long history of assessing the security of devices in many industries, including utilities, vehicles, telecoms, smart home devices, medical devices, security systems and electronic locks, as well as a variety of IoT products.
Project Security Review Methodology Feature Transparent

Peek under the hood

Explore Our Product Security Review Methodology

Bishop Fox’s product security review methodology leverages cutting-edge hardware and software security assessment techniques to holistically assess products and their related infrastructure. Each Product Security Review begins with the modeling of practical and theoretical threats against the system, including the consideration of product-specific factors such as the operating environment, users, and the sensitivity of data processed.

Reduce your attack surface

Proactively secure IoT and embedded systems against fast-moving threats.

Image

Identify Devices Leaking Data Across Wireless Channels

We can identify sensitive data exposure in wireless channels outside of the ‘normal’ ones. For example, our consultants discovered a lack of encryption on the Bluetooth Low Energy (BLE) transmissions of a medical device that could lead to an attacker issuing commands or recovering protected health information (PHI).

Image

Protect Over-the-Air Firmware Updates

We test the security of over-the-air firmware updates and the firmware update process to ensure that attackers can't upload malicious firmware to the device. Since this is a common channel an attacker will exploit, it’s essential to identify and block these attacks.

Image

Bolster Secure Design from the Beginning

Build security into your product development process. When used early in product design, a product security review can identify components with known vulnerabilities and avoid costly hardware revisions in the future. After all, the security of your entire environment is only as strong as its weakest link.

Image

Conduct Thorough Testing Every Time

Our cutting-edge labs and proven testing methodologies allow us more time for testing, eliminating traditional delays. More time for actual testing means a more thorough assessment.

Image

Leverage Specialized Expertise in the Latest Technologies

Our consultants have specialized expertise that other firms simply cannot match. We have experts in low-level reverse engineering, software defined radio, CAN bus hacking, aeronautics, industrial control systems (ICS/SCADA), BLE, Zigbee, LoRaWAN, and NFC/ RFID.

Image

Stay Ahead of the Latest Vulnerabilities

Using the latest hardware testing tools and techniques such as glitching and side channel analysis with FPGAs, we identify device security risks – down to the chip level. All in accordance with industry standards like the OWASP IoT Top Ten.

Image

Pair with Other Services as a Force Multiplier

Gain a holistic view of your organization’s security by bundling a Product Security Review with related services such as Threat Modeling, Architecture Security Assessments (ASA), and Cloud Penetration Tests (CPT).

Customer Story featuring Sonos and how they secured their new speaker with hardware-based penetration tests.
Customer Logo

Making secure moves with Bishop Fox

When Sonos was bringing a new voice-enabled speaker to the market, they turned to Bishop Fox to ensure that new features didn’t put customers at risk.

Inside the Fox Den

Meet Our Featured Fox

featured-fox

Nathan Elendt

Senior Security Consultant

Nathan Elendt is a Senior Security Consultant at Bishop Fox. Nathan's primary areas of expertise are web application penetration testing, secure system design, and product security reviews, including Internet of Things (IoT) assessments.

Nathan is an avid IoT researcher and is considered an internal subject matter expert on embedded device security. He has designed and led trainings on hardware hacking, has authored an article on IoT security best practices, and was quoted in CSO Online on IoT security. His IoT work for Bishop Fox includes a review of a suite of connected home security systems for a leading smart lock developer.

Start defending forward. Get in touch today.

We'd love to chat about your offensive security needs. We can help you determine the best solutions for your organization and accelerate your journey to defending forward.

This site uses cookies to provide you with a great user experience. By continuing to use our website, you consent to the use of cookies. To find out more about the cookies we use, please see our Privacy Policy.