Today, in many organizations, embedded (microelectronics) systems are not assessed at scale for software vulnerabilities because currently no portable, automated, easy-to-use, non-destructive, and offline tools are available for non-experts to test the firmware of already-deployed systems. Most organizations today critically depend on equipment to work. Many embedded systems have long lifecycles, are not mainstream, have initially often not been designed for be interconnected, and are already deployed. These already-deployed embedded systems often need to be analyzed in situ for vulnerabilities.
VAPTBOX is a portable device a non-expert user can carry on site and connect to an already-deployed embedded system via common external and internal connectors. VAPTBOX then automatically assesses the embedded system, and the user can view a “traffic light” (or advanced) report. VAPTBOX is unique in that it is usable by non-experts, is automated, battery-powered, non-destructive, and does not require internet. Also, VAPTBOX is designed to assess embedded systems firmware without prior knowledge about the assessed embedded system, and is designed to also detect previously unknown “zero day” vulnerabilities.