Hardware Hacking Security Audits Objectives
The amount of different connected devices has increased exponentially which means the attack surfaces exposed have also increased. Many of these devices are simple enough to make hardware attacks viable.
In hardware hacking security audits, the Tarlogic team of experts tries to find vulnerabilities in security in physically-accessed devices. This includes studying the possible communications with other devices (Bluetooth, WiFi...), analyzing the radio-frequencies used and the exposed physical ports and other possible entry points.
This effort will allow the client to understand the security status of the device not only at a logical level, but also from the perspective of an attacker with physical access.
Hardware Hacking Security Audits Benefits
The benefits of the execution of these tests include but are not limited to:
- Knowledge of the degree of the device exposure with precision, for example, available physical ports, communication types, exposure in networks, amongst others.
- Study of the possible security vulnerabilities at the physical and logical level.
- Analysis of the implications of these security flaws for the specific device type.
Reverse engineering and hardware hacking
In hardware hacking security audits, the attack surface exposed by the device is analyzed. This includes the study of the device architecture, as well as the identification of any components or functional blocks that serve to exchange information with other devices. It's common for the device itself to communicate with other devices or via the Internet, in which case these communications can also be analyzed.
Once a detailed description of the attack surface is available, each possible entry point is analyzed. This includes the interaction with physical ports and test points on the boards, memory and firmware dumps of the device, and communications with other devices.
The findings are documented in a detailed report describing the steps to reproduce them.
Reverse engineering & hardware hacking FAQs
What is reverse engineering in security?
Hardware hacking is a cybersecurity discipline that focuses on the study and analysis of the physical surface of a device. To do this, the components or functional blocks that make it up are identified, entry routes to it are sought (debugging ports, communications ports, etc.), memories are extracted to obtain the firmware, communications with other devices are analyzed, etc.
In short, hardware hacking constitutes the first barrier to entry to a cybersecurity audit by allowing the investigator to know the physical design of the device, extract its software and analyze its communications.
Is reverse engineering part of cyber security?
Reverse engineering is a cybersecurity discipline based on reconstructing and making low-level “systems” understandable to the researcher. Reverse engineering can be applied to different contexts, but the main ones are applications and communications.
The objective of reverse engineering at the application level is to obtain and understand the source code of the application. Reverse engineering can be applied at a very low level, for example, to obtain the source code of compiled applications (as is the case with binaries written in C). Reverse engineering can also be applied at a higher level with applications that are based on interpreted languages (such as java) but have been obfuscated in some way (as is often the case with Android applications).
The goal of reverse engineering at the communications level is to rebuild a communications protocol from scratch to understand how it works and, ideally, to be able to interact with the device through it. It is a complex process and usually requires the use of SDRs.
What is a hardware hack?
In vulnerability auditing, low-level knowledge of the operation of an application (thanks to the use of reverse engineering) helps to better understand the execution flow and to identify the exact point at which the device is breached.
Generally, vulnerabilities are detected either by analyzing the code (obtained through reverse engineering) or by detecting a crash and then searching for the critical point that causes the failure (in this type of case, fuzzing and reverse engineering are often intertwined).