Hardware Hacking & Reverse Engineering

Hardware Hacking & Reverse Engineering

Hardware hacking on devices with physical access to identify security flaws at different entry points

Objectives

The number of different connected devices has increased exponentially in recent years, and the attack surfaces exposed have also increased. Many of these devices are simple enough to make hardware attacks viable.

In hardware hacking security audits, Tarlogic team of experts tries to find vulnerabilities and security in physically-accessed devices, including the study of possible communications with other devices (Bluetooth, WiFi...), the analysis of the radio-frequencies used, the analysis of exposed physical ports and other possible entry points.

The result of this effort will allow the client to know the security status of the device not only at a logical level, but also from the perspective of an attacker with physical access.

Benefits

The benefits that our clients obtain through the execution of these tests are:

  • Know the degree of the device exposure with precision, for example, available physical ports, communication types, exposure in networks, among others.
  • Study of possible security vulnerabilities at the physical and logical level.
  • Analysis of the implications of these security flaws for the specific device type.

General description

In hardware hacking security audits, the attack surface exposed by the device is analysed. This involves the study of the device architecture, as well as the identification of any components or functional blocks that serve to exchange information with other devices. It's common for the device itself to communicate with other devices or via the Internet, in which case these communications can also be analysed.

Once a detailed description of the attack surface is available, each possible entry point is analysed. This includes interaction with physical ports and test points on the boards, memory and firmware dumps of the device, and communications with other devices.

The findings are documented in a detailed report describing the steps to reproduce them.