IoT Security Assurance Levels
for "chip" makers and "thing" makers (products or solutions) leveraging Transparency and Trust !
! Get Certified !
BASIC
Consumer | Enterprise
The ETSI Technical Committee on Cybersecurity (TC CYBER) has released EN 303 645, a standard for cybersecurity in the Internet of Things, to establish a security baseline for internet-connected consumer products and provide a basis for future IoT certification schemes.
Red Alert Labs conducts a highly efficient, fast (1-5 days) and objective evaluation process focusing on common baseline of security requirements to address specific security aspects of IoT products/solutions covering common attacks and known IoT vulnerabilities.
SUBSTANTIAL
Consumer | Enterprise | Industrial
Red Alert Labs conducts a highly efficient, fast (5-15 days) and objective evaluation process focusing on business-line risks defined for each Security Profile taking into account the threat model relevant to a type of IoT product/solution and its specific operational environment. EUCC, EN 17640 / FITCEM, Eurosmart IoT, IoXtAlliance (New), ...
HIGH
Industrial | Critical
Common Criteria (CC) and standards like EN 17640 / FITCEM, Securite de Premier Niveau (CSPN) or equivalent is fast-becoming popular to cover High security level of assurance.
Red Alert Labs supports you during all the stages of the evaluation process covering state-of-the-art attacks and unknown IoT vulnerabilities.
IoT Independent Security Approach
Providing a proof of the level of security based on our unique expertise in the IoT domain for all verticals in an independent approach
Black Box
- simulates real world scenarios
- attacker has no knowledge of the interior workings of the product, infrastructure or system
- partly exhaustive & least time-consuming
- fast identification of the first level of security
- fast patching
Gray Box
- simulates real world scenarios
- attacker has limited knowledge of the internal workings of the product, infrastructure or system
- exhaustive & partly time-consuming
- identification in a semi-comprehensive way the level of security
- fast patching
White Box
- detailed investigation of internal logic and structure of the code of a product, an application or system while covering a wider area
- allows businesses to be on their highest guard
- most exhaustive &time-consuming
- identification in very comprehensive way the level of security & design errors
- detailed security patching
We secure all your IoT environment
Hardware Analysis & Assessment
- IoT device reverse engineering
- IoT device disassembling
- Mapping out components
- Uncovering known and unknown vulnerabilities
Software Analysis & Assessment
- Encryption analysis and obfuscation techniques
- Reverse engineering firmware binaries
- 3rd party libraries and SDKs
- Debugging binaries to gain sensitive information
Signal and Communication Protocol Enumeration and Analysis
- Device infrastructure and protocols (Zigbee, Wifi, etc.)
- Communications captures (Radio, Bluetooth, etc.)
- Analysing cryptographic protocols
- Analysing interaction with external components
Mobile Applications
- Data storage (ex: sensitive data)
- Transport data (ex: information disclosure)
- Authentication/Authorization (ex: certificate validation)
- Session management (ex: resiliency)
- Data validation (ex: through IPC channels)
