Extended hardware pentest + CRA evidence

Find the real device attack surface before a customer or assessor finds it.

A scoped hands-on assessment connects hardware pentesting, board inspection, debug interfaces, firmware paths and a CRA-ready evidence matrix.

Acecode electronics lab and embedded hardware work

What this service is for

This is effectively an extended hardware pentest for a connected embedded product. Like a traditional pentest, it looks for the real attack surface of the device, but the deliverable is broader: findings, lab evidence, remediation path and a CRA-ready evidence matrix in one package.

This assessment is for manufacturers who need a practical, evidence-based view of a connected device's real attack surface. It is especially useful before customer due diligence, partner reviews, CRA preparation, certification discussions or a product security remediation cycle.

The work is engineering-led: scope and safe handling first, then visible surfaces, board-level observations, debug and service paths, firmware chain and finally findings that product development can act on.

What is assessed

  • Physical and logical debug paths: UART, JTAG, SWD, SPI, I2C and production test remnants.
  • Boot, reset, service and diagnostics behaviour.
  • Firmware image availability, versioning, packaging and static review where in scope.
  • Secure boot, update, rollback, recovery and device identity controls.
  • Component and SoC security claims as they apply to the final product.
  • Evidence traceability for technical documentation and remediation planning.

How the work proceeds

  • Scope, rules of engagement, test boundaries and chain-of-custody.
  • Black-box review: ports, services, boot, reset, update and maintenance paths.
  • Board inspection: markings, components, test points, connectors, debug traces and measurement targets.
  • Firmware and update-path review according to agreed availability and risk.
  • Finding prioritisation: impact, repeatability, remediation path and acceptance criteria.

Deliverables

  • Executive summary for management.
  • Technical findings with severity, impact and remediation guidance.
  • Evidence-oriented finding references.
  • CRA traceability view and evidence matrix where relevant.
  • Retest criteria for closing findings.

Boundaries

Acecode does not provide legal CRA certification or Notified Body services. The assessment produces technical evidence and practical remediation guidance to support the manufacturer's own conformity work and selected assessment path.

Sensitive method details, exact exploit parameters and raw evidence are handled separately from broadly shared reports.

Practical assessment structure

01

Attack surface

02

Firmware path

03

Evidence