Blog

PEW PEW PEW: Designing Secure Boot Securely

PEW PEW PEW: Designing Secure Boot Securely

We present our vision on secure boot design for embedded devices by means of clear, concrete, practical and easy-to-follow recommendations.
Secure Boot Under Attack: Simulation to Enhance Fault Attacks & Defenses

Secure Boot Under Attack: Simulation to Enhance Fault Attacks & Defenses

This talk presents a fault simulator created using existing open-source components and without requiring a detailed model of the underlying hardware.
Security implications of accepting transactions on smartphones

Security implications of accepting transactions on smartphones

One of the most exciting innovations in the payment chain for retailers today is the potential of utilizing commercial-of-the-shelf (COTS) smartphones for Point-of-Sale terminals, also known as ...
Bypassing Secure Boot Using Fault Injection

Bypassing Secure Boot Using Fault Injection

This research is also available in a form of slides and video from the BlackHat Europe 2016.
Extracting and Analyzing Automotive Firmware Efficiently

Extracting and Analyzing Automotive Firmware Efficiently

In this paper we discuss hardware attacks, like fault injection, which can be used to efficiently extract automotive firmware from secured ECUs.
Side-channel based intrusion detection for industrial control systems

Side-channel based intrusion detection for industrial control systems

Research paper written by Pol Van Aubel and Kostas Papagiannopoulos from Radboud University, Digital Security Group; Lukasz Chmielewski from Riscure; Christian Doerr from Delft University of ...
Analyzing the security of Cloud-Based Payment apps on Android

Analyzing the security of Cloud-Based Payment apps on Android

Riscure’s researchers analyzed more than 426 Android payment applications, downloaded directly from the Google App Store.
Deep Learning for Side Channel Analysis: Tuning your network efficiently

Deep Learning for Side Channel Analysis: Tuning your network efficiently

A video presentation by Guilherme Perin, from the Riscure User Workshop
13 steps to improve security and privacy when developing a smart lock

13 steps to improve security and privacy when developing a smart lock

Our findings show that smart locks can introduce new security risks. We provide 13 recommendations for smart lock developers in this whitepaper.
Talking about Clock Glitching

Talking about Clock Glitching

Clock Glitching as a viable technique that can potentially uncover new vulnerabilities and thus is useful in a hardware security testing environment.
The challenges of Continuous Fuzzing

The challenges of Continuous Fuzzing

The attack area of embedded systems is large. The software must not only be secure in friendly operational conditions but also be resilient in a hostile environment where data may be ...
Real-time code coverage during a fuzzing test

Real-time code coverage during a fuzzing test

Arjen Rouvoet, Senior Software Developer at Riscure, talks about the specifics of applying a fuzzing technique in embedded systems.
My journey at Riscure: Diego Rivera

My journey at Riscure: Diego Rivera

Diego Rivera is a senior developer at the Riscure True Code team. Three years ago, Diego joined Riscure’s software development team and has been working with them on our tools since then. In ...
Security Highlight: A further look at faulTPM’s deepest secrets

Security Highlight: A further look at faulTPM’s deepest secrets

Recently, a new paper was published by Hans Niklas Jacob et al, titled "faulTPM: Exposing AMD fTPMs’ Deepest Secrets". The paper demonstrates the impact of a previously published Voltage Fault ...
Secure Implementation of Post Quantum Crypto in the spotlight

Secure Implementation of Post Quantum Crypto in the spotlight

Marc Witteman shares his thoughts on the latest developments in secure Post Quantum Crypto
My journey at Riscure: Nicole Fern

My journey at Riscure: Nicole Fern

Nicole Fern is a Senior Security Analyst at Riscure North America. In this role she works on both hardware and software projects, and is also involved in Riscure’s Training Academy as a trainer. ...
Security Highlight: ChatGPT vs Security Analyst

Security Highlight: ChatGPT vs Security Analyst

At Riscure, we like to explore new technologies that can help us better help our customers. Undoubtedly, the latest famous new applications are various versions of ChatGPT, a recently accessible ...
My journey at Riscure: Nisrine Jafri

My journey at Riscure: Nisrine Jafri

Nisrine Jafri is a Senior Security Analyst and Evaluator at Riscure. After switching from academia to industry work 2 years ago, Nisrine has been mainly working on Certification projects at ...