To use our site, you agree to the use of cookies and data processing according to our privacy statement.
Close
Search

Riscure Blog

Experienced hackers know that successful exploits usually require a series of vulnerabilities, the stepping stones. The combination of these vulnerabilities enables the attack path, and all of them are needed.

12/05/2022
Learn more

Praveen Vadnala, a principal security analyst, encourages companies to consider the security of their devices during all stages of the development lifecycle, and the earlier, the better.

11/05/2022
Learn more

The global chip shortage is leading to a variety of issues in electronics supply chains, from lead times of over two years to ten-fold price increases. Riscure has seen examples of such shortages impacting low-level functionality of embedded devices, as well as various DRM systems. From smart TVs protecting the keys for streaming content to label printer consumables with radio-frequency identification (RFID) tags. The lesson to learn here is to plan for the worst outcome, and make sure necessary changes in the schematics and switching to a different component type does not impact the security.

06/04/2022
Learn more

Rafael Boix Carpi, principal trainer and security specialist at Riscure, believes that it is very hard to stay in the game of device security, where attackers constantly compete with defenders, without a solid foundation of expertise. Furthermore, even experts with a strong foundation in device security should always continue learning to stay up-to-date with the ever-changing rules of the game.

05/04/2022
Learn more

Do you remember the Rowhammer attack? This surprising attack published in 2015 exploited cross-talk between DRAM memory cells. In this type of memory, data is stored in tiny capacitors that are periodically refreshed.

08/03/2022
Learn more

Do you know how Riscure products stay up-to-date with the latest research and industry developments? Ruben Muijrers, the Product Owner for True Code and Inspector Hardware Tools at Riscure, believes that it is vital to listen to our customers’ experiences with using these tools and keep track of the latest attacks.

08/03/2022
Learn more

Considering the changes in the security landscape, the new IoT target Riscuberry serves multiple purposes. Riscuberry is not only an up-to-date target for embedded security training but also a training target for FI and SCA. Riscuberry is also used to develop new training and serve as a research platform.

07/02/2022
Learn more

On November 8, failOverflow reported finding the PS5 root keys for symmetric encryption. At first glance, this find may seem harmless as it will not directly provide code execution privileges. These keys only serve to keep the firmware confidential. In addition, since this report, the internet remained rather silent on the topic, so this may seem like an innocent isolated incident.

11/01/2022
Learn more

Researchers from universities in Singapore, China, and Switzerland have discovered a novel way to compromise the security of SGX, the Trusted Execution Environment provided by Intel. The attack allows a privileged attacker to retrieve secrets processed in a secure enclave, by which the benefit of the enclave is lost.

10/11/2021
Learn more