Whether your product is an Industrial Control System (ICS) or an IoT device, a Product Security Review (PSR) can help you avoid costly hardware revisions and security mistakes in embedded systems. Our experts review devices down to the chip level to identify vulnerabilities in accordance with industry standards such as the OWASP IoT Top Ten. We also review the security of firmware, including the firmware update process, to identify gaps that could lead to your products being used in botnets or taken over by ransomware.
Our PSR service can be bundled or combined with any of our other services to add coverage depth or deeper analysis where required.
Product Security Review highlights:
Bishop Fox’s product security review methodology leverages cutting-edge hardware and software security assessment techniques to holistically assess products and their related infrastructure. Each Product Security Review begins with the modeling of practical and theoretical threats against the system, including the consideration of product-specific factors such as the operating environment, users, and the sensitivity of data processed.
We can identify sensitive data exposure in wireless channels outside of the ‘normal’ ones. For example, our consultants discovered a lack of encryption on the Bluetooth Low Energy (BLE) transmissions of a medical device that could lead to an attacker issuing commands or recovering protected health information (PHI).
We test the security of over-the-air firmware updates and the firmware update process to ensure that attackers can't upload malicious firmware to the device. Since this is a common channel an attacker will exploit, it’s essential to identify and block these attacks.
Build security into your product development process. When used early in product design, a product security review can identify components with known vulnerabilities and avoid costly hardware revisions in the future. After all, the security of your entire environment is only as strong as its weakest link.
Our cutting-edge labs and proven testing methodologies allow us more time for testing, eliminating traditional delays. More time for actual testing means a more thorough assessment.
Our consultants have specialized expertise that other firms simply cannot match. We have experts in low-level reverse engineering, software-defined radio, CAN bus hacking, aeronautics, industrial control systems (ICS/SCADA), BLE, Zigbee, LoRaWAN, and NFC/RFID.
Using the latest hardware testing tools and techniques such as glitching and side-channel analysis with FPGAs, we identify device security risks down to the chip level, all in accordance with industry standards like the OWASP IoT Top Ten.
Gain a holistic view of your organization’s security by bundling a Product Security Review with related services such as Threat Modeling, Architecture Security Assessments (ASA), and Cloud Penetration Tests (CPT).
Senior Security Consultant
Nathan Elendt is a Senior Security Consultant at Bishop Fox. Nathan's primary areas of expertise are web application penetration testing, secure system design, and product security reviews, including Internet of Things (IoT) assessments.
Nathan is an avid IoT researcher and is considered an internal subject matter expert on embedded device security. He has designed and led trainings on hardware hacking, has authored an article on IoT security best practices, and was quoted in CSO Online on IoT security. His IoT work for Bishop Fox includes a review of a suite of connected home security systems for a leading smart lock developer.
We'd love to chat about your offensive security needs. We can help you determine the best solutions for your organization and accelerate your journey to defending forward.