Blog

Efficient Reverse Engineering of Automotive Firmware

Efficient Reverse Engineering of Automotive Firmware

In this paper we evaluate the efficiency of reverse engineering the firmware of an automotive embedded controller unit.
Fault injection on automotive diagnostic protocols

Fault injection on automotive diagnostic protocols

From the beginning of the electronics era in vehicles, car manufacturers have been trying to simplify how to troubleshoot problems in their vehicles.
The Threat of Security Vulnerabilities in Today’s Connected Automotive World

The Threat of Security Vulnerabilities in Today’s Connected Automotive World

The evolution of automotive systems has brought us into a world where both highly connected and autonomously operated vehicles are becoming commonplace.
Mobile Banking application security

Mobile Banking application security

In this paper we present the critical security challenges that Mobile Banking applications face in today’s market.
Bypassing Secure Boot using Fault Injection

Bypassing Secure Boot using Fault Injection

Watch the video of this research presented at SHA2017
Escalating Privileges in Linux using Fault Injection

Escalating Privileges in Linux using Fault Injection

Today’s standard embedded device technology is not robust against Fault Injection (FI) attacks such as Voltage Fault Injection (V-FI)
Safety does not equal Security in Automotive

Safety does not equal Security in Automotive

A security assessment of the resilience against fault injection attacks in ASIL-D certified microcontrollers
Secure Application Programming in the presence of Side Channel Attacks

Secure Application Programming in the presence of Side Channel Attacks

This paper introduces a collection of secure programming patterns for security critical devices. These patterns help developers to mitigate the risk of side channel attacks.
Practical steps to evaluate and protect Secure Boot

Practical steps to evaluate and protect Secure Boot

This paper reveals common weaknesses in Secure Boot implementations and proposes practical steps to enhance security of this critical element of an embedded system.
My journey at Riscure: Anna Kolesnichenko

My journey at Riscure: Anna Kolesnichenko

  What is the role of the Operations Manager? I’m responsible for the well-being of the certification team, starting from ensuring the fulfillment of customer requests on ...
Security Highlight: Honda Rolling-PWN attack

Security Highlight: Honda Rolling-PWN attack

The attack known as Rolling-PWN (CVE-2021-46145) [1] is the latest of a recent series of security issues affecting the car’s immobilizers and RKEs (Remote Keyless Entry, also known as the keyfob ...
My journey at Riscure: Nikola Medic

My journey at Riscure: Nikola Medic

  Nikola Medic, Director of Sales Certification at Riscure, has been helping customers find the best way to meet their product deployment objectives for more than 5 ...
Security Highlight: Hertzbleed – prime time for power side channel countermeasures or novelty attack?

Security Highlight: Hertzbleed – prime time for power side channel countermeasures or novelty attack?

Hertzbleed is a new side-channel attack that turns a power side channel into a timing side channel. That timing side channel may be exploitable even if the algorithm runs in a constant number of ...
My journey at Riscure: Hanna Humenyuk

My journey at Riscure: Hanna Humenyuk

Hanna Humenyuk is an International Sales and Business Development Manager specializing in Mobile Payment Security at Riscure. Before joining Riscure, Hanna worked in FinTech for over 10 years. ...
DRM security trends and future

DRM security trends and future

The security measures implemented on the device determine the overall system level of protection as required by the license.
Security Highlight: Evil Never Sleeps

Security Highlight: Evil Never Sleeps

Recently, Apple introduced a useful but potentially dangerous feature to its iPhones. Most of us would assume that a phone becomes inactive when switched off by the user or, due to low power. ...
My journey at Riscure: Siebe Krijgsman

My journey at Riscure: Siebe Krijgsman

Siebe Krijgsman, Principal Engineer at Riscure, compares fundamental security topics to old action movies. He discusses the differences between various Riscure tools and the challenges of ...
My journey at Riscure: Praveen Vadnala

My journey at Riscure: Praveen Vadnala

Praveen Vadnala, a principal security analyst, encourages companies to consider the security of their devices during all stages of the development lifecycle, and the earlier, the better.