Blog

Bypassing Secure Boot Using Fault Injection

Bypassing Secure Boot Using Fault Injection

This research is also available in a form of slides and video from the BlackHat Europe 2016.
Extracting and Analyzing Automotive Firmware Efficiently

Extracting and Analyzing Automotive Firmware Efficiently

In this paper we discuss hardware attacks, like fault injection, which can be used to efficiently extract automotive firmware from secured ECUs.
Side-channel based intrusion detection for industrial control systems

Side-channel based intrusion detection for industrial control systems

Research paper written by Pol Van Aubel and Kostas Papagiannopoulos from Radboud University, Digital Security Group; Lukasz Chmielewski from Riscure; Christian Doerr from Delft University of ...
Analyzing the security of Cloud-Based Payment apps on Android

Analyzing the security of Cloud-Based Payment apps on Android

Riscure’s researchers analyzed more than 426 Android payment applications, downloaded directly from the Google App Store.
Deep Learning for Side Channel Analysis: Tuning your network efficiently

Deep Learning for Side Channel Analysis: Tuning your network efficiently

A video presentation by Guilherme Perin, from the Riscure User Workshop
13 steps to improve security and privacy when developing a smart lock

13 steps to improve security and privacy when developing a smart lock

Our findings show that smart locks can introduce new security risks. We provide 13 recommendations for smart lock developers in this whitepaper.
Premium Content Delivery on Android: how to guard an open platform

Premium Content Delivery on Android: how to guard an open platform

Defending an Android implementation of a secure media path also requires a unique set of methods. This whitepaper provides a high-level overview of Android security risks for the content ...
Lowering the bar: deep learning for side-channel analysis

Lowering the bar: deep learning for side-channel analysis

We show we can break a lightly protected AES, an AES implementation with masking countermeasures and a protected ECC implementation using Deep Learning.
Efficient Reverse Engineering of Automotive Firmware

Efficient Reverse Engineering of Automotive Firmware

In this paper we evaluate the efficiency of reverse engineering the firmware of an automotive embedded controller unit.
My journey at Riscure: Praveen Vadnala

My journey at Riscure: Praveen Vadnala

Praveen Vadnala, a principal security analyst, encourages companies to consider the security of their devices during all stages of the development lifecycle, and the earlier, the better.
Security highlight: Attack Stepping Stones

Security highlight: Attack Stepping Stones

Experienced hackers know that successful exploits usually require a series of vulnerabilities, the stepping stones. The combination of these vulnerabilities enables the attack path, and all of ...
Security Highlight: Risks of chip shortage

Security Highlight: Risks of chip shortage

The global chip shortage is leading to a variety of issues in electronics supply chains, from lead times of over two years to ten-fold price increases. Riscure has seen examples of such ...
My journey at Riscure: Rafael Boix Carpi

My journey at Riscure: Rafael Boix Carpi

Rafael Boix Carpi, principal trainer and security specialist at Riscure, believes that it is very hard to stay in the game of device security, where attackers constantly compete with defenders, ...
Security Highlight: The Return of Rowhammer

Security Highlight: The Return of Rowhammer

Do you remember the Rowhammer attack? This surprising attack published in 2015 exploited cross-talk between DRAM memory cells. In this type of memory, data is stored in tiny capacitors that are ...
My journey at Riscure: Ruben Muijrers

My journey at Riscure: Ruben Muijrers

Do you know how Riscure products stay up-to-date with the latest research and industry developments? Ruben Muijrers, the Product Owner for True Code and Inspector Hardware Tools at Riscure, ...
Introducing Riscuberry, Riscure’s advanced embedded target

Introducing Riscuberry, Riscure’s advanced embedded target

Considering the changes in the security landscape, the new IoT target Riscuberry serves multiple purposes. Riscuberry is not only an up-to-date target for embedded security training but also a ...
Security Highlight: What to expect after the PS5 root key discovery?

Security Highlight: What to expect after the PS5 root key discovery?

On November 8, failOverflow reported finding the PS5 root keys for symmetric encryption. At first glance, this find may seem harmless as it will not directly provide code execution privileges. ...
Security Highlight: SmashEx threatens SGX applications on Intel chips

Security Highlight: SmashEx threatens SGX applications on Intel chips

Researchers from universities in Singapore, China, and Switzerland have discovered a novel way to compromise the security of SGX, the Trusted Execution Environment provided by Intel. The attack ...