A Comprehensive Security Audit of Bosch’s Embedded Solutions

Location: Germany 

Industry: Manufacturing 

Employees: 10,000+ 

Website: www.boschsecurity.com 

About the Client: 

Bosch Security & Safety Systems is a leading global supplier of security, safety, and communications products and systems. The product portfolio includes video surveillance, intrusion detection, fire detection, and voice evacuation systems. as well as access control and management systems. The company develops and manufactures its products in its own plants in Europe, the Americas, and Asia and has distribution partners in more than 150 countries. 

Business Challenge 

As a trusted partner of Bosch Security & Safety Systems for years, we’ve worked on numerous projects together that turned out to be a success. As a continuation of our collaboration, the company asked us to carry out an independent and in-depth security assessment of various client-server and embedded solutions. 

Solution  

Types of services: 

• Security assessment 
• Threat and risk analysis 
• Penetration testing 

We created detailed, straightforward guidelines and comprehensive documentation outlining technical security evaluations. Once the security assessment plan was approved by Bosch, we executed the security project A to Z. This included penetration testing and an in-depth technical security review of the physical security management solutions and the embedded software of the devices, covering application binaries, configs, data, traffic, protocols, user interfaces, encryption, DBs, and more. Every step was performed in strict accordance with the existing Bosch policies and regulatory standards. 

Standards and tools 

The project was conducted with adherence to the world’s best practices – NIST SP800-115, PTES, OWASP, EC-Council, ISF SoGP, BSI IT-Grundschutz. 

We utilized a wide array of proprietary automated and manual solutions for security assessment, including tools for reconnaissance, enumeration, and scanning, network traffic analysis and sniffing, web and TCP debugging proxies, database vulnerability scanning tools, cryptanalysis utilities, binary analysis software, debuggers, and more. 

Business Value 

Bosch was provided with extensive reports highlighting security risks and vulnerabilities, along with strategic and tactical recommendations for threat mitigation and security enhancement. The project resulted in several key benefits: 

• Lower security-related costs 
• Significantly decreased business risks 
• Enhanced quality of products destined for global end-users 

Client Quote 

The Bosch brand is a global leader in quality and innovations. Our product philosophy is to build reliable and trustworthy solutions with adherence to the highest industry standards. By making valuable contributions to the development of our products, our partner has proven to be a productive, efficient, and reliable partner for Bosch Security & Safety Systems. We would like to express sincere appreciation for the quality of services delivered by the security team of our partner. 

- Harald Schoengen 

Senior Manager at Bosch Security & Safety Systems