Skip to content
VigilGuard Logo VigilGuard
Contact Us
EASM Platform VendorGuard ITRM Platform

Hardware Security

Hardware Security

Section titled “Hardware Security”

5 automated security scanners

Hardware Root of Trust

Section titled “Hardware Root of Trust”

Purpose: The Hardware Root of Trust Scanner is designed to analyze hardware root of trust implementation by detecting secure boot mechanisms, testing for hardware-based attestation, checking for trusted boot chain references, identifying root of trust anchors, and detecting weaknesses in hardware trust architecture that could enable bootkit or firmware-level attacks.

What It Detects:

  • Secure Boot Detection: Identifies the presence of UEFI secure boot implementation, detects verified boot mechanisms, checks for boot integrity checking, flags secure boot vendor exposure.
  • Hardware Attestation: Checks for remote attestation support, detects TPM attestation usage, verifies platform integrity measurement, tests for attestation protocols, identifies attestation key management.
  • Trusted Boot Chain: Ensures measured boot implementation is present, detects boot chain verification, verifies chain of trust references, tests for boot component signing, identifies boot loader security.
  • Root of Trust Anchors: Checks for the presence of hardware root keys, detects trust anchor implementation, verifies root certificate storage, tests for immutable root references, identifies key provisioning processes.
  • Trust Architecture Exposure: Verifies documentation on trust boundary separation, detects security domain separation mechanisms, isolates privilege level exposure, identifies trust architecture vendors.

Inputs Required:

  • domain (string): A fully qualified domain name (e.g., ekkatha.com) is required to perform the scan.

Business Impact: Hardware root of trust exposure creates foundational risks that can lead to bypass techniques in secure boot implementations, enable forgery attacks through attestation mechanism disclosure, and compromise entire trust chains when root keys are exposed. This directly impacts the integrity and security posture of systems by exposing potential vulnerabilities that could be exploited for malicious activities such as bootkits or firmware-level attacks.

Risk Levels:

  • Critical: When secure boot implementation details aid bypass techniques, attestation mechanism disclosure enables forgery attacks, root key exposure compromises entire trust chains, and boot chain details reveal attack points.
  • High: When there is a lack of documented trust boundary separation or security domain isolation mechanisms, leading to elevated risk in privilege level exposure within the system.
  • Medium: When trusted boot chain references are not adequately verified, potentially leaving components vulnerable to unsigned modifications.
  • Low: When hardware root keys and trust anchors are well-documented and securely managed, with no significant exposure or vulnerabilities identified.
  • Info: When there are minimal disclosures regarding the system’s hardware security aspects, indicating a baseline level of information disclosure that does not pose immediate risks but should be monitored for future changes.

Example Findings:

  1. A detected secure boot implementation without documented vendor details could indicate potential exposure to bypass techniques and lack of transparency in security practices.
  2. Inadequate hardware attestation mechanisms might lead to unverified platform integrity, leaving the system vulnerable to unauthorized access or tampering.

Firmware Security

Section titled “Firmware Security”

Purpose: The Firmware Security Scanner is designed to analyze and assess the security posture of firmware by identifying potential vulnerabilities in distribution endpoints, update mechanisms, validation processes, version management, and security controls. This tool aims to detect weaknesses that could enable unauthorized installation or tampering with firmware, thereby exposing critical risks for public firmware downloads and updates.

What It Detects:

  • Firmware Distribution Detection: Identifies where firmware can be downloaded from the target domain, including endpoints like /firmware, /updates, etc.
  • Firmware Update Mechanisms: Checks for over-the-air (OTA) update systems, automatic and manual update processes, and notification mechanisms.
  • Firmware Validation: Assesses whether signature verification is in place to ensure firmware integrity and secure boot integration.
  • Firmware Version Management: Verifies the disclosure of firmware versions, changelog exposure, and rollback capabilities.
  • Firmware Security Controls: Evaluates claims around encryption, anti-rollback mechanisms, and firmware attestation.

Inputs Required:

  • domain (string): Fully qualified domain name (e.g., ekkatha.com) - This is necessary to target the specific web service or repository for analysis.

Business Impact: Firmware security exposure poses significant risks as it can lead to unauthorized tampering, data breaches, and system vulnerabilities. Public firmware downloads facilitate reverse engineering by malicious actors, while missing signature verification allows for potential malware injection. Unencrypted updates are susceptible to man-in-the-middle attacks, and version disclosure provides adversaries with information about known vulnerabilities that could be exploited.

Risk Levels:

  • Critical: This risk level is assigned when critical security flaws such as public firmware downloads or missing signature verification are detected.
  • High: High risks are associated with significant exposure in update mechanisms, validation processes, and version management where unauthorized tampering can occur more easily.
  • Medium: Medium risks pertain to the general disclosure of infrastructure details that could be used by adversaries for reconnaissance before exploiting vulnerabilities.
  • Low: Low risk findings indicate minimal exposure or controls that are effectively managing identified issues.
  • Info: Informational findings provide context about potential improvements without immediate security implications but can guide future enhancements in firmware security practices.

Example Findings:

  • A public endpoint /firmware is detected, which could facilitate unauthorized access and reverse engineering of the firmware.
  • The presence of OTA update mechanisms indicates a potential for automatic or semi-automatic updates that might bypass traditional security checks.
  • Lack of signature verification on firmware updates can lead to malicious software being installed without detection.

Embedded System Security

Section titled “Embedded System Security”

Purpose: The Embedded System Security Scanner is designed to assess and evaluate the security posture of embedded systems by identifying potential vulnerabilities and exposure points. It performs a thorough analysis on domains, focusing on detecting embedded device exposure, testing for firmware update mechanisms, checking IoT platform integration, identifying embedded OS fingerprints, and uncovering weaknesses in system disclosure that could be exploited by adversaries.

What It Detects:

  • Embedded Device Detection: Identifies references to embedded systems, detects IoT deployments, checks for edge computing devices, tests for industrial control systems, and flags any exposure of embedded devices.
  • Firmware Update Mechanisms: Checks for the presence of firmware update endpoints, identifies OTA update systems, verifies download locations for updates, and assesses notification mechanisms for updates.
  • Embedded Operating Systems: Detects references to various embedded operating systems including Linux (embedded), FreeRTOS, VxWorks, ThreadX, and Zephyr OS.
  • IoT Platform Integration: Verifies the usage of IoT platforms, identifies device management systems, checks cloud connectivity, tests for MQTT broker exposure, and uncovers vendor-specific IoT platform integrations.
  • Device Architecture Exposure: Uncovers disclosures related to hardware architecture, processor types, memory specifications, and interface details.

Inputs Required:

  • domain (string): A fully qualified domain name (e.g., ekkatha.com) that represents the target embedded system or IoT device under assessment.

Business Impact: Embedded systems play a critical role in various industries such as automotive, healthcare, and industrial automation. Their exposure through public endpoints can lead to unauthorized access, data leakage, and potential exploitation of known vulnerabilities. This not only poses significant security risks but also affects the integrity and availability of services provided by these systems.

Risk Levels:

  • Critical: When critical findings are detected, such as publicly disclosed firmware update mechanisms or operating system references that could lead to immediate unauthorized access.
  • High: High risk is associated with severe exposure points like public endpoints for device management or direct communication interfaces that might be exploited by adversaries.
  • Medium: Medium risk applies when the scanner detects potential vulnerabilities in configuration settings, incomplete updates, or lack of encryption protocols which can still lead to significant security issues if not mitigated promptly.
  • Low: Informational findings are considered low risk unless they indicate a direct path for exploitation or compromise that has not been addressed.
  • Info: These are generally non-critical disclosures that do not pose immediate threats but should be monitored and potentially resolved for enhanced system security.

Example Findings:

  1. A publicly accessible firmware update endpoint might allow unauthorized individuals to download and modify the device’s software, leading to potential security breaches.
  2. The detection of a Linux (embedded) OS reference in the domain could indicate that the system is based on an open-source platform which might be subject to community contributions affecting its stability and security.

This documentation provides a clear overview of what the Embedded System Security Scanner aims to achieve, detailing the types of exposure it detects and the inputs required for operation. It also outlines the potential risks associated with each level of detection, providing a comprehensive understanding of both the scanner’s capabilities and its implications on system security.

Chip-level Security

Section titled “Chip-level Security”

Purpose: The Chip-level Security Scanner is designed to assess the hardware security posture of chip-level systems by identifying potential vulnerabilities and risks related to hardware security modules, secure elements, trusted platform modules (TPM), hardware crypto acceleration, and chip vendor technologies. This tool aims to provide insights into the cryptographic protections and attack surfaces inherent in these devices, helping organizations understand and mitigate hardware-based security risks.

What It Detects:

  • Hardware Security Module Detection: Identifies references to Hardware Security Modules (HSM), detects usage of hardware cryptography modules, checks for key storage mechanisms, tests exposure to HSM vendors, and flags technology fingerprints associated with specific hardware security modules.
  • Secure Element Implementation: Checks for the deployment of secure elements, identifies embedded secure chips, verifies claims of tamper resistance, tests for references to secure enclaves, and uncovers vendor details related to these components.
  • Trusted Platform Module (TPM): Scans for TPM deployments, detects trusted execution environments, verifies implementation of secure boot protocols, assesses attestation mechanisms, and reveals TPM version disclosures.
  • Hardware Crypto Acceleration: Investigates the use of crypto coprocessors, detects references to hardware Random Number Generators (RNG), verifies deployment of crypto accelerators, tests for AES encryption implemented in hardware, and identifies vendors associated with these cryptographic modules.
  • Chip Vendor Technology: Identifies chip security vendors, detects usage of ARM TrustZone, checks for Intel SGX references, assesses AMD SEV deployment, and uncovers fingerprints related to specific hardware security technologies.

Inputs Required:

  • domain (string): Fully qualified domain name (e.g., ekkatha.com) - This parameter is essential for the scanner to target the correct web service or system for analysis.

Business Impact: Chip-level security exposure can lead to significant risks, including unauthorized access to cryptographic keys stored in public HSMs, exploitation of vulnerabilities disclosed by chip vendors that could be leveraged through TPM/TEE implementations, and targeted attacks exploiting hardware-based cryptography. Understanding these risks is crucial for developing effective mitigation strategies and enhancing overall system security posture.

Risk Levels:

  • Critical: When the scanner identifies public HSM deployment revealing cryptographic key storage or secure element disclosure aiding hardware exploitation planning.
  • High: When trusted platform module (TPM) implementation details guide firmware attacks, or when specific vendor technologies like ARM TrustZone or Intel SGX are detected without proper security measures in place.
  • Medium: When there is a lack of crypto coprocessor usage or secure enclave references despite potential hardware cryptographic capabilities, indicating suboptimal security practices.
  • Low: When no significant chip-level security issues are detected but basic configurations and deployments could be improved for enhanced security.
  • Info: When the scanner identifies general infrastructure details without specific vulnerabilities or risks that do not directly impact security but may suggest areas for improvement in technology deployment and management.

Example Findings:

  • The scanner might flag a public HSM endpoint indicating exposure of cryptographic keys, revealing potential critical risk due to unauthorized access.
  • A detected TPM version disclosure could signal high risk if the system relies heavily on this module for security functions without adequate patches or updates.
  • Unidentified secure element deployment at medium risk levels, suggesting potential vulnerabilities that need further investigation and mitigation.

This documentation provides a comprehensive overview of what the Chip-level Security Scanner detects and how it assesses risks based on identified exposures. It is designed to help users understand the implications of hardware security issues and guide them in improving system defenses against potential attacks from malicious actors.

Peripheral Security

Section titled “Peripheral Security”

Purpose: The Peripheral Security Scanner is designed to assess and evaluate the security posture of peripheral devices connected to a system. It aims to identify potential vulnerabilities that could be exploited by malicious actors, such as BadUSB attacks or unauthorized device access. This evaluation covers several critical aspects including USB security policies, device authentication mechanisms, peripheral management systems, device whitelisting practices, and attack prevention measures.

What It Detects:

  • USB Security Policy Detection: Identifies the presence of USB device policies, detects controls over USB ports, checks for mechanisms that block or restrict removable media, and flags any exposure of USB security policies.
  • Device Authentication: Checks for requirements for device authentication, detects certificate-based authentication methods, verifies enrollment processes, and tests for peripheral authorization mechanisms to ensure only trusted devices are connected.
  • Peripheral Management Systems: Evaluates the presence of endpoint management systems for devices, identifies control software used to manage peripherals, confirms the existence of inventory and monitoring systems to track device connectivity, and uncovers any gaps in peripheral security measures.
  • Device Whitelisting: Verifies the existence of approved device lists, detects restrictions on specific device IDs, confirms vendor ID filtering practices, and tests for controls over different device classes to ensure only explicitly permitted devices are connected.
  • Peripheral Attack Prevention: Assesses claims related to BadUSB protection, identifies prevention mechanisms against keystroke injections and DMA attacks, and verifies the effectiveness of hardware-based protections designed to mitigate potential security threats.

Inputs Required:

  • domain (string): A fully qualified domain name (e.g., ekkatha.com) that represents the target system under assessment. This input is essential for directing the scanner to the correct network location where peripheral devices and their associated security measures are hosted or exposed.

Business Impact: Peripheral device security exposure can create significant risks, as it often provides unauthorized individuals with access to sensitive information stored on connected systems, potentially leading to data breaches and other severe consequences. The ability to detect such vulnerabilities early is crucial for maintaining the integrity and confidentiality of digital assets.

Risk Levels:

  • Critical: Exposure of USB security policies that allow unrestricted device connections can lead to immediate unauthorized access. Detection of missing device authentication mechanisms or poorly enforced whitelisting practices are critical risks, as they directly facilitate malicious activities without requiring significant technical expertise.
  • High: Inadequate peripheral management systems and device whitelisting practices pose high risk due to the potential for unauthorized devices to remain undetected within an organization’s network. The lack of robust attack prevention mechanisms can also lead to serious security breaches.
  • Medium: While not as severe as critical or high risks, medium vulnerabilities indicate a need for improvement in peripheral device security measures. This includes issues with USB policies and authentication that could be exploited by less sophisticated attackers but still pose significant risk management challenges.
  • Low: Informational findings regarding the presence of certain controls or mechanisms might suggest low risk if they are explicitly designed to allow such behaviors (e.g., whitelisting for known good devices). However, in general, these should be considered areas for improvement rather than current security strengths.

Example Findings:

  • A system is found to have no restrictions on USB device connections, which could lead to the unauthorized installation of malicious software.
  • Authentication mechanisms are minimal and do not effectively distinguish between authorized and unauthorized devices, leaving the system vulnerable to attack.
  • Peripheral management systems lack comprehensive monitoring capabilities, making it difficult to track connected devices and detect potential security incidents.