Blog

Premium Content Delivery on Android: how to guard an open platform

Premium Content Delivery on Android: how to guard an open platform

Defending an Android implementation of a secure media path also requires a unique set of methods. This whitepaper provides a high-level overview of Android security risks for the content ...
Lowering the bar: deep learning for side-channel analysis

Lowering the bar: deep learning for side-channel analysis

We show we can break a lightly protected AES, an AES implementation with masking countermeasures and a protected ECC implementation using Deep Learning.
Efficient Reverse Engineering of Automotive Firmware

Efficient Reverse Engineering of Automotive Firmware

In this paper we evaluate the efficiency of reverse engineering the firmware of an automotive embedded controller unit.
Fault injection on automotive diagnostic protocols

Fault injection on automotive diagnostic protocols

From the beginning of the electronics era in vehicles, car manufacturers have been trying to simplify how to troubleshoot problems in their vehicles.
The Threat of Security Vulnerabilities in Today’s Connected Automotive World

The Threat of Security Vulnerabilities in Today’s Connected Automotive World

The evolution of automotive systems has brought us into a world where both highly connected and autonomously operated vehicles are becoming commonplace.
Mobile Banking application security

Mobile Banking application security

In this paper we present the critical security challenges that Mobile Banking applications face in today’s market.
Bypassing Secure Boot using Fault Injection

Bypassing Secure Boot using Fault Injection

Watch the video of this research presented at SHA2017
Escalating Privileges in Linux using Fault Injection

Escalating Privileges in Linux using Fault Injection

Today’s standard embedded device technology is not robust against Fault Injection (FI) attacks such as Voltage Fault Injection (V-FI)
Safety does not equal Security in Automotive

Safety does not equal Security in Automotive

A security assessment of the resilience against fault injection attacks in ASIL-D certified microcontrollers
Security Highlight: Stretching local attacks too far

Security Highlight: Stretching local attacks too far

We take a closer look at the recent research that attempted to convert one side channel to another.
Type-Aware Fuzzing with Security Benchmarks

Type-Aware Fuzzing with Security Benchmarks

In this blog post, we discuss the problem of harnessing C code for fuzzing.
Security Highlight: Fuzzing in Device Security

Security Highlight: Fuzzing in Device Security

Fuzzing is a dynamic security testing method that has been a hot topic lately. In theory, it allows to automate vulnerability finding: you set it up once and then run continuously, in order to ...
My journey at Riscure: Ronan Loftus

My journey at Riscure: Ronan Loftus

Ronan Loftus is a Senior Security Analyst at Riscure. Ronan joined us in 2017 when Riscure was a much smaller company. Since then, Ronan has been working on various software security testing and ...
Talking about Clock Glitching

Talking about Clock Glitching

Clock Glitching as a viable technique that can potentially uncover new vulnerabilities and thus is useful in a hardware security testing environment.
The challenges of Continuous Fuzzing

The challenges of Continuous Fuzzing

The attack area of embedded systems is large. The software must not only be secure in friendly operational conditions but also be resilient in a hostile environment where data may be ...
Real-time code coverage during a fuzzing test

Real-time code coverage during a fuzzing test

Arjen Rouvoet, Senior Software Developer at Riscure, talks about the specifics of applying a fuzzing technique in embedded systems.
My journey at Riscure: Diego Rivera

My journey at Riscure: Diego Rivera

Diego Rivera is a senior developer at the Riscure True Code team. Three years ago, Diego joined Riscure’s software development team and has been working with them on our tools since then. In ...
Security Highlight: A further look at faulTPM’s deepest secrets

Security Highlight: A further look at faulTPM’s deepest secrets

Recently, a new paper was published by Hans Niklas Jacob et al, titled "faulTPM: Exposing AMD fTPMs’ Deepest Secrets". The paper demonstrates the impact of a previously published Voltage Fault ...