P-SCAN

P-SCAN, ASSESSMENT OF KNOWN VULNERABILITIES, PEN TESTING

ANALYSIS OF KNOWN VULNERABILITIES

Under various regulations, protection against the exploitation of known vulnerabilities is one of the minimum requirements expected of IoT device manufacturers.

• P-SCAN is a “Vulnerability Scanning” service that checks the presence of known vulnerabilities on the IoT product.
• P-SCAN checks IoT devices in a BlackBox approach against top known vulnerabilities used by hackers.
• P-SCAN provides immediate feedback on vulnerabilities in communication channels that are present within the device and could be used by hackers.

SPECIFIC TOOL FOR VERIFYING THE VULNERABILITIES OF THE COMMUNICATION CHANNELS

• Wi-Fi
• Bluetooth Low Energy
• Zigbee

If the device has a web interface, the vulnerability scan is supplemented with the help of Nessus to check TCP/IP services for vulnerabilities.

1. P-SCAN «P-Scan-Introduction»
2. P-SCAN Test Case Specification “Test Case Specification – V1.0“

Penetration tests specific to customer requests.

For manufacturers who wish to explore and verify the attack resistance of their product, we offer a penetration testing service based on the latest techniques:

MATERIAL ANALYSIS AND EVALUATION

• Reverse engineering of IoT devices
• Disassembly of the IoT device
• Component mapping and discovery of known and unknown vulnerabilities

SOFTWARE ANALYSIS AND EVALUATION

• Firmware, Applications & OS Analysis (provided by the customer or if possible extracted directly from the device)
• Encryption analysis and obfuscation techniques used
• Reverse engineering of binary firmware
• Third-party libraries and SDKs
• Debugging to get sensitive information

CHECKING MOBILE APPLICATIONS

ATTACK AND EXPLOITATION