Hardware Hacking Security Audits Objectives
The amount of different connected devices has increased exponentially which means the attack surfaces exposed have also increased. Many of these devices are simple enough to make hardware attacks viable.
In hardware hacking security audits, the Tarlogic team of experts tries to find vulnerabilities in security in physically-accessed devices. This includes studying the possible communications with other devices (Bluetooth, WiFi...), analyzing the radio-frequencies used and the exposed physical ports and other possible entry points.
This effort will allow the client to understand the security status of the device not only at a logical level, but also from the perspective of an attacker with physical access.
Hardware Hacking Security Audits Benefits
The benefits of the execution of these tests include but are not limited to:
- Knowledge of the degree of the device exposure with precision, for example, available physical ports, communication types, exposure in networks, amongst others.
- Study of the possible security vulnerabilities at the physical and logical level.
- Analysis of the implications of these security flaws for the specific device type.
In hardware hacking security audits, the attack surface exposed by the device is analyzed. This includes the study of the device architecture, as well as the identification of any components or functional blocks that serve to exchange information with other devices. It's common for the device itself to communicate with other devices or via the Internet, in which case these communications can also be analyzed.
Once a detailed description of the attack surface is available, each possible entry point is analyzed. This includes the interaction with physical ports and test points on the boards, memory and firmware dumps of the device, and communications with other devices.
The findings are documented in a detailed report describing the steps to reproduce them.