Global

Product security

Our product security team are lifelong practitioners, specializing across hardware, firmware, software security, and safety convergence. Our own independent product development and industry-recognized research give us a level of specialist technical maturity that’s hard to find.

Contact the team

Design and build secure products for the market. Keep your organization and employees safe when purchasing technology.

  • Reduce risk Decrease the likelihood, cost, and impact of potential product-related cyber incidents.
  • Become secure by design Embed security into the design and engineering process, avoiding costly changes and remediations.
  • Validate investment Verify the security claims of products to ensure they are safe and secure for employee and customer use.
  • Prevent counterfeits Secure your intellectual property to protect your position in the market.

Our approach

Capabilities

Whether you’re engineering and launching a new product or purchasing a critical product, the security decisions you make influence the safety and security of your employees, customers, and business.

Our Product Security team was founded as Inverse Path in 2005. We now provide advanced technical consultancy to some of the world’s most challenging and critical industries, including automotive, electronics, and semiconductor manufacturing, industrial control systems, maritime, and aviation. For over a decade, our capabilities have been trusted to secure standard and fully bespoke products including low-level electronics, hardware devices, firmware, operating systems, software applications, fully integrated cyber-physical systems (CPS), and more.

Our consultancy is specialist and outcome focused. Organizations choose us as a partner to collaboratively build and test the security of their products, because we’re practitioners ourselves; we develop our own products, build our own custom hardware and software testing suites, and deliver original technical research.

Our work in product security has helped defend the lives of millions, ensured the safety of vehicles, improved the resilience of critical infrastructure and the integrity of electronic components, and protected corporate trade secrets and intellectual property.

Services & solutions

Product Security Review
Analyze the security of hardware and software products in-depth, beyond the capability of a penetration test or vulnerability assessment. Product Security Reviews provide partial, aspect-specific reviews of a device (e.g., applications or device firmware), up to full-device reviews of integrated systems, including hardware components.

Product Security Advisory services
Assess the risk profile of your products through technical risk assessments, threat modelling, design reviews, and secure design consulting. Our Product Security Advisory offers different approaches to help you understand where your products expose users and how to make them resilient by design.

Speak to the team

Securing your own product or investing in one? We can help.

Contact us

Related resources

U-Booting securely

This paper aims to provide an independent analysis of known pitfalls and production misconfigurations related to using U-Boot (officially: Das U-Boot) in secure embedded systems as well as provide developers with guidance towards securing their products. It is aimed at teams and organizations planning to use, or already using U-Boot as part of their existing products. 

Download now

The fake CISCO

In 2019, our Hardware Security team was asked to analyze suspected counterfeit Cisco Catalyst 2960-X series switches and provide evidence as to whether any kind of backdoor functionality existed. This paper details the process we used to reach our conclusion and shares the technical knowledge we gained through the process.

Read now

Security advisory

Multiple vulnerabilities in Barco Clickshare

Advisory: multiple vulnerabilities identified within Barco Clickshare products, allowing attackers to compromise hardware units and backdoor them, execute arbitrary code on end users' systems, and observe and manipulate contents being presented.

Read now

Engineering

Tamago

TamaGo is a framework that enables the compilation and execution of unencumbered Go applications on bare metal ARM System-on-Chip (SoC) components. TamaGo aims to reduce the attack surface of embedded system firmware by removing any runtime dependency on C code and Operating Systems.

Read now

Engineering

USB armory

The USB armory is an open source hardware design, implementing a flash drive sized computer—the world's smallest secure computer. It can safeguard data and run trusted applications, preventing unauthorized access or execution. Vast performance and capabilities with a minimal attack surface.

Download now

How we can help

Our aptitude for complex hardware and software security is the result of a senior team with varied and well-practiced skills, unique domain knowledge, and a deep involvement in the open-source hardware and software community.

  • Experience Over 15 years dedicated to testing and building secure products, globally.
  • Knowledge Experienced practitioners who understand the product development lifecycle inside out.
  • Full-stack Security reviews across the full technology stack of embedded systems, from silicon to application-level interfaces.
  • Reputation A track record of speaking at world-class security and industry conferences including Blackhat, CanSecWest, Defcon, and hardwear.io.

We process the personal data you share with us in accordance with our Corporate Business Privacy Policy.

Accreditations & Certificates

F-Secure Consulting (F-Secure Cyber Security (Pty) Ltd) is a level 4 contributor to B-BBEE with a procurement recognition level of 100%. Learn more and download our B-BBEE certificate. Click here to read the press release.

Follow us
@fsecure_consult F-Secure-Consulting f-secure-foundry fsecurelabs