Firmware penetration tests

What is firmware?

Firmware is software that controls a device at a low level. This means that firmware controls individual hardware components, e.g.: the USB ports of a computer or the fiber ports of a network switch and many other components.

Several years ago, the access to the firmware was limited by the requirement of physical access to the device on which the firmware was installed but since many years the changes in the firmware settings are possible via software available e.g. through a web browser.

Firmware controls critical functions of every device e.g.: car electronics so it is important to test it and fix vulnerabilities.

Critical infrastructure firmware testing

We conduct firmware tests of control and measurement devices of critical infrastructure for the utilities sector: water, electricity, gas, wastewater (sewage), heat.

With reliable testing, you can minimize the risk of downtime on critical infrastructure components that have a key impact on people's lives.

How do we test firmware?

For testing, we often use firmware emulators, but it is not uncommon to test the devices on which the firmware is installed. When conducting tests, we use the OWASP Firmware Security Testing Methodology.

We also perform static analysis of firmware code if the author of this software is our customer.

Also learn about penetration testing of IoT devices. 

Benefits of firmware testing

Through firmware testing:

  • minimize the risk of downtime to your critical infrastructure,
  • deepen your understanding of the safety approach with an expert report,
  • You will demonstrate integrity and a commitment to safety,
  • You will be able to integrate security into the production and use of the firmware,
  • You will learn the critical points that you can take special care of.