More on MSI Lab Services Offerings

MSI has built a reputation that spans decades in and around testing hardware and software for information security. Our methodology, experience and capability provides for a unique value to our customers. World-class assessments from the chip and circuit levels all the way through protocol analysis, software design, configuration and implementation are what we bring to the table.

 

Some of the many types of systems that we have tested:

  • consumer electronics
  • home automation systems
  • voice over IP devices
  • home banking solutions
  • wire transfer infrastructures
  • mobile devices
  • mobile applications
  • enterprise networking devices (routers, switches, servers, gateways, firewalls, etc.)
  • entire operating systems
  • ICS and SCADA  devices, networks and implementations
  • smart grid technologies
  • gaming and lottery systems
  • identification management tools
  • security products
  • voting systems
  • industrial automation components
  • intelligence systems
  • weapon systems
  • safety and alerting tools
  • and much much more…

To find out more about our testing processes, lab infrastructure or methodologies, talk to your account executive today. They can schedule a no charge, no commitment, no pressure call with the testing engineer and a project manager to discuss how your organization might be able to benefit from our experience.

 

At A Glance Call Outs:

  • Deep security testing of hardware, software & web applications
  • 20+ year history of testing excellence
  • Committed to responsible vulnerability handling
  • Commercial & proprietary testing tools
  • Available for single test engagements
  • Can integrate fully into product lifecycle
  • Experience testing some of the most sensitive systems on the planet

Key Differentiators:

  • Powerful proprietary tools:
    • Proto-Predator™
    • HoneyPoint™
    • many more solution specific tools
  • Circuit & chip level testing
  • Proprietary protocol evaluation experience
  • Customized honeypot threat intelligence
  • Methodology-based testing for repeatable & defendable results

Other Relevant Content:

Project EVEREST Voting Systems Testing https://stateofsecurity.com/?p=184

Lab Services Blog Post https://stateofsecurity.com/?p=2794

Lab Services Audio Post  https://stateofsecurity.com/?p=2565



Update on the ProtoPredator Family of Products

Today, I just wanted to provide a quick update on the ProtoPredator family of products. As you may recall, we have released ProtoPredator for Smart Meters (PP4SM) as a commercial product. It became available over one year ago and continues to be a strongly performing tool for validating the optical security of smart meters.

I have gotten several questions from clients and the community about the ProtoPredator family and what was next. I am pleased to say that we are continuing to develop and enhance ProtoPredator for Raw Serial (PP4RS). This is currently a private, in lab tool for our testing. But, we do plan to release it eventually as a commercial tool. The tool is designed to discover serial communications, explore them, adaptively identify protocols and patterns and introduce the ability to fuzz those protocols on demand. The tool has been a long time coming and we are continuing to develop its capabilities. We want to make sure we have it fully functional prior to release.

Additionally, we are working on ProtoPredator tools for ModBus, DNP3 and other ICS protocols. Those versions are behind PP4RS in development and testing, simply due to the “scratch your own itch” workload we are using for testing. Though, DNP3 is quickly rising to the front burner.

If you have any questions about ProtoPredator, or any of the products we are working on, please let us know. We are always happy to discuss our work under NDA with folks in the ICS security field. As always, rest assured that just like PP4SM, while the products are commercially available with support and upgrades, WE DO NOT RELEASE THEM TO UNVETTED PARTIES. We think smart meter testing belongs in the hands of the professionals, as does testing other ICS protocols, so we don’t release our tools to folks not involved with utilities, manufacturing of the devices or other testing groups. If you are such a stakeholder and have an interest in the tools, please get in touch.

Thanks for reading and as always, stay safe out there! 

Fuzzing Optical Smart Meters with ProtoPredator

PPClawsWords1

Our team has been working hard in the lab, once again testing the optical implementations of a variety of smart meters. Using our proprietary in-house developed tool, called ProtoPredator for Smart Meters, we have been doing full fuzzing of optical protocol implementations. 

Our tool makes this process easy and reproducible. It also provides for easy regression testing and fix validation through session replays. 

One of the things that makes ProtoPredator so cool is that it includes both arbitrary conversations with the meters in addition to canned sessions, making much more flexible in the hands of a knowledgeable user. You can easily use this feature to perform more nuanced validation of the protocols, testing things like sequence errors, poor trust, error recovery, etc. 

While ProtoPredator is still tied to the optical coupler speed and the inherent speed of the protocols in use, testing with it makes validation of the optical ports more effective than other more traditional approaches. Additionally, you can use multiple seats of ProtoPredator in parallel to decrease the overall testing and validation time, especially since the “brain files” and packet sessions are easily interchangeable amongst installations.

The easy to use GUI also means less frustration and more time on task for most users. It lets the testers spend less time on mundane tasks like serial configuration and hand crafting packets and more time on security testing, protocol analysis and bug hunting.

To find out more about ProtoPredator, or to discuss having our lab give your smart meters a look over, get in touch. Info(at)micro solved(dot)com will get you a prompt response. As always, thanks for reading! 

ProtoPredator to Become Family of Products

On Nov 16, we announced the availability of ProtoPredator for Smart Meters (PP4SM). That tool, aimed at security and operational testing of optical interfaces, has been causing quite a stir. Lots of vendors and utilities have been in touch to hear more about the product and the capabilities it brings to bear.

We are pleased with the interest in the PP4SM release and happy to discuss some of our further plans for future ProtoPredator products. The idea is for the ProtoPredator line to expand into a family of products aimed at giving developers, device designers and owners/operators a tool set for doing operational and security testing. We hope to extend the product family across a range of ICS protocols. We are currently working on a suite of ProtoPredator tools in our testing lab, even as we “scratch our own itch” and design them to answer the needs we have in performing testing of SmartGrid and other ICS component security assessments and penetration tests.

Thanks to the community for their interest in ProtoPredator. We have a lot more to come and we greatly appreciate your support, engagement and feedback.

ProtoPredator for Smart Meters Released

Today, MicroSolved, Inc. is proud to announce the availability of their newest software product – ProtoPredator™ for Smart Meters (PP4SM). This tool is designed for smart meter manufacturers, owners and operators to be able to easily perform security and operational testing of the optical interfaces on their devices.

PP4SM is a professional grade testing tool for smart meter devices. Its features include:

  • Easy to use Windows GUI
  • Easy to monitor, manage and demonstrate testing to management teams
  • Packet replay capability empowers testers to easily perform testing, verification and demonstrations
  • Manual packet builder 
  • Packet builder includes a standards compliant automated checksum generator for each packet
  • Automated packet session engine 
  • Full interaction logging
  • Graphical interface display with real time testing results, progress meters and visual estimations
  • Flexibility in the testing environment or meter conditions

The tool can be used for fuzzing smart meter interactions, testing protocol rule enforcement, regression testing, fix verification and even as a mechanism to demonstrate identified issues to management and other stakeholders. 

ProtoPredator for Smart Meters is available commercially through a vetted licensing process. Licenses are available to verified utilitiy companies, asset owners, asset operators and manufacturers of metering devices. For more information about obtaining PP4SM or to learn more about the product, please contact an MSI account representative. 

More information is available via:

Twitter: @lbhuston

Phone: (614) 351-1237 ext 206

Email: info /at/ microsolved /dot/ com (please forgive the spam obfuscation…) 🙂