Software architecture and protocol design reviews
Whether you are in the planning or design phases of a new IoT device, a new software module for an existing device or a cryptographic device provisioning or communication protocol, we can assist you with threat modelling and formal verification of protocols, secure design of a single feature or the entire product including security requirement analysis, deployment and infrastructure analysis and application components analysis.
Device software stack penetration testings
Our services include blackbox and whitebox penetration testing of IoT device firmware whether it is a bare-metal firmware or built on top of real-time or Linux based operating systems. Prior to conducting penetration testing, we also assist our clients with test scoping to cover the most critical attack surfaces based on the device operation environment, history of prior tests and our knowledge of IoT threats and attack trends.
We help out clients to assess compliance of their IoT products with relevant standards and guidelines such as ETSI EN 303 645 and ISO/IEC 62443-4-2. Based on our compliance gap analysis, Firmalyzer provides detailed recommendations for non-compliant and partially-compliant aspects of the products and assists with applying those.
Customized firmware security analysis platforms
Firmalyzer analysis engine can be tailored to your IoT firmware software development kit (SDK) or cloud platform so you can deploy and use it on your own private or public cloud to automatically scan firmware binaries of your customers before being pushed into their devices via your IoT platform or over-the-air update (OTA) service.