Device Security Testing

Is my product secure? Are there any vulnerabilities present? Can actor X attack it under threat model Y? If so, how long does it take and what type of resources are required?

Our device security testing services are available to answer these and other questions you may have regarding the security of your product.

We are capable of testing the software and hardware of devices using advanced testing methods under various attack scenarios. Moreover, our specialties include technologies like Trusted Execution Environments (TEEs), Secure Boot and Hardware Fault Injection. We actively pursue these specialties through our training and research.

At Raelize we like to listen carefully to your needs and tailor our services accordingly. We are comfortable and have experience with performing our tests in a black-, grey- or white-box setting. Depending on your needs, our tests can be coverage-driven or focused on just breaking a specific aspect of your product's security.

Please contact us to discuss your needs!

Vulnerability Assessment

We define, explore and analyze the attack surface of your product in order to identify the largest amount of vulnerabilities possible in the given time frame.

We can perform Vulnerability Assessments on hardware, source code, binary code or a combination thereof. The results include recommendations for remediation of the identified weaknesses and input for subsequent testing.

Penetration Testing

We identify and exploit vulnerabilities in both software and hardware in order to determine what an attacker can achieve under a predefined threat model.

We can perform Penetration Tests on an entire device or just a specific piece of software or hardware. Moreover, we are capable of performing both software and hardware attacks.

Secure Code Review

We review your software with a critical eye for detail, with a predefined time frame, in order to identify vulnerabilities and other areas for improvement.

We can perform a Secure Code Review on an entire or partial code base, focused on specific assets or interfaces and include or exclude specific type of attacks (e.g. Fault Injection).

Pre-certification

We use our experience and expertise to suggest areas of importance to review and test before your product undertakes a security certification.

We perform Pre-certification to increase the chances for a successful security certification for your product and to shorten its Time-to-Market.


Using our services

Let us provide you some examples of how our services can be used.

Vulnerability Assessment

You are developing a critical software component, such as a TEE OS, a Trusted Application, a bootloader and you are concerned about the attack surface offered by your product. We would suggest to take our Vulnerability Assessment service, to get a comprehensive look of your code and its use cases.

Penetration Testing

You are a manufacturer developing a hardware component, and you are concerned about Fault Injection (FI) attacks. Then, you should definitely consider a white-box penetration test with us, where we can apply our experience and specialized techniques directly from the research field.

You are an OEM with a product about to be launched. A prototype is ready and you have a few questions. What attackers can do with physical access and zero knowledge? Will they be able to re-open the fused JTAG? We would be right there to help you, with our Penetration Testing service, using the best breed of our attacks for answering with data at hand.

You are a provider and you are concerned that devices supplied to critical customers may be prone to supply chain attacks. You wonder what can be done in 10, 30, 60 or 90 minutes of physical access. We can give you an exact answer by performing a Penetration Test where we simulate a real-world threat.

Secure Code Review

Your ROM code is almost ready for tape-out. You wonder if Secure Boot can be bypassed, or if "those guys" can get "code exec" with a single glitch. Then, a Secure Code review should be the first step in order to quickly identify and fix severe vulnerabilities.

Pre-certification

Your component/product is undergoing certification and a demanding security testing session is expected. Failing the certification would certainly have impact on the foreseen Time-To-Market. OurPre-certification service may come in handy, increasing the chances of a successful outcome and a timely release!

Contact Us

Contact Details

Feel free to contact us, we will be happy to listen and support.

Meeuwenlaan 20, 3055 CL, Rotterdam, The Netherlands
Email: info@raelize.com
VAT: NL861445934B01
KVK: 78549477