Services

We focus on an end-to-end approach, from auditing and mapping vulnerabilities to helping with the implementation of the most advanced security mechanisms to your chips’ firmware. As presented in the Threats section , the attack surface is extensive, thus requiring a dedicated team who is up to date with the latest security guidelines to have maximum coverage.
NDA
Due to the sensitive nature of security vulnerabilities, we usually work under strict mutual NDAs with our customers to ensure maximum safety and privacy
Minimal Hardware Access – Mapping any debugging interfaces left from development (such as JTAG, SPI, or I2C) and reducing the attack surface.

Lock Logical Access – Minimizing access to sensitive system functions and storage. Platform functionality (e.g. CSM, SMM_BWP, BLE, BIOSWE, SPI Memory Protection) must be correctly configured to block unauthorized access.

  • Implementing security mechanisms (such as DEP, ASLR and logical access restrictions)
  • Static Code Analysis
  • Searching for buffer overflows, integer overflows and code vulnerabilities.
  • Searching for logical vulnerabilities in the code.
  • Going through the development lifecycle and relying on stable development platforms.
  • Using technologies like memory protection units or IOMMUs.

Firmware Tamper Detection – Employing mechanisms to detect firmware tampering such as timing anomalies and state anomalies.

Secure Firmware Update – This is a well explored field from the world of BIOS firmware update mechanism which had multiple vulnerabilities over the years. Main elements – Digitally signing signatures, key store for public keys, Roots of Trust, stopping hot-patching etc.


Customer Validation Tools – An approach where you give the customers tools to validate the integrity of the current state of the firmware. This approach reduces significantly the response time in case of a vulnerability disclosure.


Removing Management Backdoors – Often manufacturers leave backdoor functionality in the firmware for future control, or supply a connect-back functionality (often referred as “phone home” functionality) – these should be tested and validated thoroughly.


User Awareness Process
– Creating a process to inform end users about both security functionality, security incidents, and available security updates.


Secure Key Storage – Considering the use of TPM, SIM, SmartCards, or other HSMs for storing private keys.

Default Configuration Analysis – Analysis of the default configuration the chip with special focus on authentication and the update mechanism.

Data Encryption - At Rest & In Transit – employing encryption on often limited CPU power requires expertise but is feasible. Aside from protecting the data itself, unencrypted data will often revoke compliances, specifically with entities such as HIPAA.

Remote Wiping – Specifically for compliance with mobile devices, this feature is a necessity. The implementation should be done very carefully in order not to create an affective "Management Backdoor".