Riscure Blog

Setting priorities right is very important when it comes to security. As a developer of a software and/or hardware solution, you simply cannot chase every single bug or design issue. If you know how your device or program can be attacked, you can work on countermeasures. However, there are many ways to attack, and this has to be prioritized further.

Riscure has discovered a serious vulnerability in an affordable ESP32 IoT solution developed by Espressif Systems.

Justin is on the phone with Alex from Riscure, discussing how to address security requirements from the OEM. After some minutes, Justin realized he needs to align with Chris from the OEM on what is the considered security context.

What does it mean that ‘The ECU debug system should be disabled in the production units’, how do I disable it? Do I set the microcontroller lock fuses? Or is it enough to remove the ECU debug header?

In this article we show an attack on unmodified KeepKey hardware cryptowallet, which uses electro-magnetic fault injection.