Such Internet of Things devices are often party to information or metadata of the end-user that must not fall into the wrong hands. Other products are able to influence their own physical environment and must therefore be extremely resistant to unauthorised control and denial of service attacks.

A key challenge for innovative companies launching new connected products is ensuring that these devices will be secure and robust in the field. This requires the product to be impervious both to deliberate attack and also to unexpectedly-invalid input. It also requires a suitable strategy for secure and remote firmware update over the servicable lifetime of the product. The expertise required to design, implement, and validate these secure connected systems is particular in nature, and establishing the necessary test infrastructure and automation requires significant time and monetary investment.

We can help establish software architectures, protocols, and processes to meet your embedded security requirements, and offer software/firmware source code security review and risk assessment for existing code bases.

On prototype or production products we can perform black box and white box security assessments, subjecting them to a range of manual and automated analyses from physical layer to application layer. We use both manual penetration testing and a range of computer-assisted audit techniques (CAATs) such as network protocol fuzzing and vulnerability scanning to identify information security or denial of service risks. Our extensive automated security and reliability testbed can rapidly deploy a range of attack vectors in order to identify, understand, and correct potential vulnerabilities before they become a risk or cost to your business.