Skip to main content
Service

Kaspersky Smart Technologies and IoT Security Assessment

Enhancing security of embedded systems

Overview

Embedded systems are becoming increasingly complex. Industry has made huge strides, from highly specialised microcontroller-based components to complex interconnected solutions built on third-party SoC platforms with real-time or Linux-based operating systems communicating with each other via dozens of different protocols. This kind of rapid evolution brings tremendous versatility, but it also comes at a price: the introduction of common computing platforms in embedded systems has brought its inherent threat landscape with it.

Kaspersky Lab offers a set of proactive security assessment services for vendors of embedded systems who want to enhance their security operations and take a pre-emptive approach against advanced threats.

Embedded Devices Security Assessment

Security-level evaluation of the hardware and software components of embedded devices to identify potential vulnerabilities, misconfigurations and design issues that could be used by malefactors to compromise normal operation of the platform

Application Security Assessment

Detailed security analysis of applications used to control and monitor the operation of embedded systems, including static and dynamic analysis of the application’s source code and architecture

Penetration Testing

Analysis of the security of IT infrastructure that enables the operation of embedded systems, attempting to bypass security controls on behalf of various types of intruders aiming to obtain maximum possible privileges in important systems

Comprehensive Reporting

A summary report detailing all discovered vulnerabilities and security flaws, with actionable recommendations for immediate resolution

In Use

  • Identify security risks in embedded devices

    • Threat modelling according to business logic and use cases
    • Manual and automated identification of vulnerabilities
    • Firmware and application source code analysis using static, dynamic and interactive approaches
    • Assessment of underlying communication protocols and existing security controls
    • Radio channels security assessment
    • Configuration analysis for operating systems and application components
    • Evaluation of implemented security measures
    • Exploitation of the revealed vulnerabilities and attack demonstration
  • Remediate application vulnerabilities leading to

    • Gaining control over an application
    • Attacks against application clients
    • Denial of service of the entire application or partial denial of service (blocking access of an individual user)
    • Obtaining important information from the application
    • Influence on data integrity
  • Prevent unauthorised access to critical network components

    As a result of the penetration testing, the following vulnerabilities (among others) may be identified:

    • Vulnerable network architecture, insufficient network protection
    • Vulnerabilities leading to network traffic interception and redirection
    • Insufficient authentication and authorisation
    • Weak user credentials
    • Configuration flaws, including excessive user privileges
    • Vulnerabilities caused by errors in applications’ code (code injections, path traversal, client-side vulnerabilities, etc.)

Related to this Service