Device assessment IoT.

Hacking smart heating, ventilation and air-conditioning (HVAC) systems and energy meters can destroy critical infrastructure by jamming and manipulating controls.

Hardware & embedded software testing

The Internet of Things (IoT) is one of many exciting innovations that connect humans with technology, both at home and in business. It offers the potential for seamless interaction between humans and any device. Combined with machine learning and artificial intelligence, IoT creates vast opportunity for innovators, law-abiding citizens, mischief makers and criminals alike. Given the number of cybersecurity breaches reported each day, the well-publicised lack of investment in security and a shortage of security staff, one may ask whether the benefits of IoT can be achieved safely, or whether more consideration is needed to understand IoT risk.

An (IoT) device typically consists of a physical object with a power supply (cabling/battery), processing unit, non-volatile memory, connectivity (wired/wireless), sensors/actuators and device management.

Our approach

Qbit starts by analysing the firmware and the kernel/libraries of the hardware and/or embedded system. The firmware is first examined with tools like binwalk and hexdump to identify the file system used or, if no standard file system is used, to find at least the extractable parts of the firmware, such as binary executables, static content and encryption keys. If the firmware uses an open file system, we use available tools to mount it and further analyse its contents. Individual executables, the libraries that they use, and the kernel can then be analysed for publicly known vulnerabilities. We also use the Firmware Assessment Tool to emulate and analyse the firmware.
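As an added illustration of the file system identification step (not Qbit's tooling and not code from this page), the sketch below performs a simplified version of the signature scan that tools like binwalk carry out: it searches an image for well-known magic bytes and validates a SquashFS superblock to discard chance matches. The function names are hypothetical and the sample image is constructed in build_sample.

```python
import struct

# Well-known magic bytes for containers commonly found in firmware images.
SIGNATURES = {
    b"hsqs": "SquashFS (little-endian)",
    b"sqsh": "SquashFS (big-endian)",
    b"\x45\x3d\xcd\x28": "CramFS (little-endian)",
    b"\x27\x05\x19\x56": "U-Boot uImage header",
    b"UBI#": "UBI erase-count header",
    b"\x1f\x8b\x08": "gzip stream",
    b"\xfd7zXZ\x00": "xz stream",
}
SQUASHFS_COMPRESSION = {1: "gzip", 2: "lzma", 3: "lzo", 4: "xz", 5: "lz4", 6: "zstd"}

def parse_squashfs(blob, off):
    """Validate a little-endian SquashFS 4.x superblock; return details or None."""
    if len(blob) < off + 32:
        return None
    block_size, = struct.unpack_from("<I", blob, off + 12)
    comp, block_log = struct.unpack_from("<HH", blob, off + 20)
    major, minor = struct.unpack_from("<HH", blob, off + 28)
    if major != 4 or block_log > 20 or block_size != 1 << block_log:
        return None  # the four magic bytes matched by chance
    return {"version": f"{major}.{minor}", "block_size": block_size,
            "compression": SQUASHFS_COMPRESSION.get(comp, f"unknown({comp})")}

def scan(blob):
    """Return (offset, description, details) for each signature hit, by offset."""
    hits = []
    for magic, name in SIGNATURES.items():
        pos = blob.find(magic)
        while pos != -1:
            details = parse_squashfs(blob, pos) if magic == b"hsqs" else None
            if magic != b"hsqs" or details is not None:
                hits.append((pos, name, details))
            pos = blob.find(magic, pos + 1)
    return sorted(hits, key=lambda h: h[0])

def build_sample():
    """Constructed image: uImage magic, a decoy 'hsqs' string, a real superblock."""
    sb = struct.pack("<IIIIIHHHHHH", 0x73717368, 10, 0, 131072, 1,
                     4, 17, 0, 1, 4, 0)  # xz-compressed, 128 KiB blocks, v4.0
    return (b"\x27\x05\x19\x56" + b"\xff" * 60 +
            b"hsqs-not-a-superblock".ljust(64, b"\xff") + sb + b"\xff" * 64)

if __name__ == "__main__":
    for off, name, details in scan(build_sample()):
        print(f"0x{off:06x}  {name}  {details or ''}")
```

The decoy string at offset 64 shows why a bare magic match is not enough: it is rejected because the fields that follow do not form a consistent superblock.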

Next, Qbit checks the device from the network to see whether the firmware it uses is affected by network-exploitable vulnerabilities. After this, Qbit uses hardware-hacking techniques (e.g. using JTAG or similar debug interfaces, reading memory chips like EEPROM, using logic analyser tools to check for hidden interfaces) where possible to obtain access to the firmware of the device and to gain a better understanding of its inner workings. Usually, a device is part of a solution that communicates with a back-end system and uses a (mobile) application to manage the device. For this purpose, Qbit makes use of the infrastructure or application assessment.

Qbit uses the ‘Baseline Security Recommendations for IoT’ of ENISA (November 2017) as a reference for testing the security of (IoT) devices.

Benefits of a Device assessment

  • Find out if your systems are secure.
  • Insight into the inherent level of security and real vulnerabilities.
  • Practical and feasible recommendations.

Contact me

Erik Rutkens

CEO and founder Qbit

Let me tell you more. Email me or call me on +31 6 53 317 977.
