Embedded Devices and IoT

The primary goal in embedded device and IoT testing is to evaluate the attack surface of the devices and the supporting ecosystem around it.  This includes a full enumeration of the solution’s attack surfaces and how they interface with each other, as well as the threat models that would arise from the device’s unique real-world capabilities.   Depending on what the device does can change the threat actor’s motives.

Secure Ideas will review the full solution of the embedded device and attempt to review it in a model similar to how a threat actor would.  The goal would be to review the hardware and firmware of the devices,  as well as the supporting local services, cloud services, and applications (web, mobile and desktop) to find vulnerabilities and configuration issues that can be leveraged by an attacker to gain control over the device itself, access to user data, or the ability to control the real world functions this device performs.