About

If you’re developing a device which will be sold to customers or deployed into untrusted environments, it’s important to understand what sensitive data somebody could obtain with the device, if any fraudulent actions could be carried out, or if it could be exploited.

How we can help

Pākiki have experts who can carry out testing against IoT and hardware devices. The particular type of tests, approaches and methodologies will vary depending on the type of hardware, what the device does, and how it’s going to be deployed. However, the types of questions we’d frequently answer would be:

• Can an attacker use a device’s built in communications mechanism to gain free Internet access or access the cloud-based infrastructure supporting the device?
• Is it possible to extract the firmware and gain access to encryption keys or secrets which are shared between devices and/or gain access to other sensitive resources?
• If you have access to one device, is it possible to compromise other people’s devices or data?
• Is the device vulnerable to network-based attacks when connected to a customer’s network, resulting in potential reputational damage?
• Can any physical ports on the device be used to bypass any other security mechanisms?
• Are the communications mechanisms generally fit for purpose and is it possible for an attacker to tamper with the device for their own gain?

Note: Not all hardware testing can be carried out without using potentially destructive techniques. This can be discussed during the scoping call.

Get in touch

We’d love to hear about your project, and find out how we can help.