Logical Device Penetration

New technology is often limited by security flaws.

Many systems support proprietary protocols and are built on embedded operating systems, so very few off-the-shelf tools exist to attack and assess the security of these systems. To test these systems, SecureState has developed an adaptive penetration testing methodology to determine how resistant these devices are to wired and wireless network-based attacks.


Testing how emerging threats can target new technology is a difficult challenge because existing security assessment tools will often not suffice. Since the technology is new, current tools often aren't designed to test it, or they test for old attack vectors that emerging threats are not using. SecureState's adaptive logical device penetration testing methodology can identify vulnerabilities within these systems, so they can be properly mitigated.


SecureState has experience testing a wide range of devices, including medical devices, smart meters, and industrial control systems. With each device, custom tools needed to be developed for testing. Due to this work, we have extensive experience analyzing network protocols and embedded systems. Using our methodology, SecureState also created Termineter, the first open source tool for testing smart meters.

Approach and Methodology

SecureState’s Logical Device Penetration follows an iterative process of initial discovery, followed by prototyping and testing to learn about the system being targeted, then finally creating tools to target and attack the system. This unique process needs to be followed because many systems use custom protocols, and so few off-the-shelf tools exist to test these systems. Throughout this process, SecureState works to understand the business process the device is supporting, so that attacks can be tailored to the system. Understanding the business process also allows SecureState’s consultants to understand the impact of any vulnerability discovered and develop recommendations to minimize business impact.

Penetration tests are simply blind to threats affecting these types of systems, and since very little security research has been conducted, the true extent of business impact is unknown. SecureState’s Research and Innovation professionals will address these unknowns and develop customized tools to assess the devices, providing our clients with the knowledge and confidence to be resilient to a potential attack. Since the testing is adaptive by nature, the procedures are unique to each environment. SecureState follows an overall methodology when performing research projects.

The initial phase, generally done onsite, involves the gathering of various data points pertaining to the system. Using a variety of gathering techniques, all data collected will be used to benchmark system behavior and determine possible abnormalities via communication, system utilization/processing and ICS interfaces. Additionally, SecureState will perform off-site research to gather previous research on the topic and look for public information on the system being tested. For example, information could be gathered from vendor documentation, patent files and regulatory documentation.

Next, the data SecureState collects will be registered, processed, and analyzed using quantitative data analysis. Focusing on pattern recognition will allow SecureState to develop “modified” patterns to determine how the systems respond to valid requests. These results are opportunities and criteria for further development. These criteria will be a key component of determining the business impact in the next phase.

In the third phase, the opportunities and criteria/requirements identified in the previous phase will be used as inputs for idea creation and concept development. SecureState will co-develop the conceptual framework used to prototype customized interfaces to the system. During this process, the “what if” scenarios will be sketched out, and any additional insights into the systems from the client will be considered.

SecureState will then begin prototype development, drawing on experiences and resources from SecureState’s R&I staff. In many instances, our staff has developed a new framework with the ability to incorporate new tools and adopt existing tools into the framework.

Once the prototype has been developed, SecureState will test various “conceptual” scenarios and determine the success of the prototype based on the criteria or requirements outlined in the early phases. The testing is adaptive by nature, and includes iterations between the conceptualization and prototyping phases.

Finally, SecureState will write a detailed report, outlining each phase and providing all of the data collected and analyzed along with detailed testing results. Ultimately, SecureState will score the impact of the device's security on the business via the criteria developed and the success of the prototype.
