When assessing technology, it is critical to ask the right questions. Our evaluation reports are written to answer these questions so that you understand where your product stands. Typical questions that we ask are:

Component role

What components do we see when we open this device and what is their security role?

Parameter abuse

How could we abuse the parameters in this application protocol?

Injecting faults

Would this fault injection attack work? How can we turn it into a useful exploit?

Key leakage

How much key-related data does this hardware leak via unintended side channels?

Management protocol

Does this device or card management protocol sufficiently protect against a man-in-the-middle attack?

JTAG

Can we locate the JTAG pins and what happens when we reconnect to them?

Reverse engineering

If we reverse engineer this firmware, does the security model still hold?

Identification versus exploitation

How costly is it for someone to exploit this weakness, and to repeat exploiting it?

Impact

What do the security weaknesses mean for this product?