Device Security

We help hospitals, retail and manufacturers identify and address potential vulnerabilities in the physical, network, operating system, firmware, and application layers.

Our testing team works closely with your team to build and execute test cases, drawing from our experience and customizing for your needs. We document test cases for repeatability, scoring and metrics using our free VECTR™ platform.

Our testing covers the following areas:

Physical Hardening

  • Exposed Diagnostic Interfaces (JTAG, TTY, etc)
  • External Interfaces
  • Device Component Vulnerabiltiies
  • Reverse Engineering / Modification Mitigations

Network

  • Network Segmentation In Dual-Network Mode
  • Open Services and Ports
  • Traffic Encryption>
  • Susceptibility to MiTM, Traffic Injections

OS & Firmware

  • Package Vulnerabilities
  • Update Mechanisms
  • Secure Configuration & Privilege Escalation
  • Sensitive Data on Filesystem

Applications

  • API Security
  • Application Hardening
  • Cloud-connectivity implementation weaknesses
  • Client Application Security

Types of Devices we test

Point-of-Sale (POS)

Medical Devices

IoT Devices

Develop Your Medical Device Security Program

We will help you develop a roadmap to prioritize investments in building your device security program and mature the capabilities of the program over time.