Blog

Fault injection on automotive diagnostic protocols

Fault injection on automotive diagnostic protocols

From the beginning of the electronics era in vehicles, car manufacturers have been trying to simplify how to troubleshoot problems in their vehicles.
The Threat of Security Vulnerabilities in Today’s Connected Automotive World

The Threat of Security Vulnerabilities in Today’s Connected Automotive World

The evolution of automotive systems has brought us into a world where both highly connected and autonomously operated vehicles are becoming commonplace.
Mobile Banking application security

Mobile Banking application security

In this paper we present the critical security challenges that Mobile Banking applications face in today’s market.
Bypassing Secure Boot using Fault Injection

Bypassing Secure Boot using Fault Injection

Watch the video of this research presented at SHA2017
Escalating Privileges in Linux using Fault Injection

Escalating Privileges in Linux using Fault Injection

Today’s standard embedded device technology is not robust against Fault Injection (FI) attacks such as Voltage Fault Injection (V-FI)
Safety does not equal Security in Automotive

Safety does not equal Security in Automotive

A security assessment of the resilience against fault injection attacks in ASIL-D certified microcontrollers
Secure Application Programming in the presence of Side Channel Attacks

Secure Application Programming in the presence of Side Channel Attacks

This paper introduces a collection of secure programming patterns for security critical devices. These patterns help developers to mitigate the risk of side channel attacks.
Practical steps to evaluate and protect Secure Boot

Practical steps to evaluate and protect Secure Boot

This paper reveals common weaknesses in Secure Boot implementations and proposes practical steps to enhance security of this critical element of an embedded system.
Learn how to keep your Over-The-Air Updates secure?

Learn how to keep your Over-The-Air Updates secure?

A perspective from the analysts at Riscure Security Lab, which was shared during SEMS, Paris on April 30th, 2017 by CEO Marc Witteman.
My journey at Riscure: Praveen Vadnala

My journey at Riscure: Praveen Vadnala

Praveen Vadnala, a principal security analyst, encourages companies to consider the security of their devices during all stages of the development lifecycle, and the earlier, the better.
Security highlight: Attack Stepping Stones

Security highlight: Attack Stepping Stones

Experienced hackers know that successful exploits usually require a series of vulnerabilities, the stepping stones. The combination of these vulnerabilities enables the attack path, and all of ...
Security Highlight: Risks of chip shortage

Security Highlight: Risks of chip shortage

The global chip shortage is leading to a variety of issues in electronics supply chains, from lead times of over two years to ten-fold price increases. Riscure has seen examples of such ...
My journey at Riscure: Rafael Boix Carpi

My journey at Riscure: Rafael Boix Carpi

Rafael Boix Carpi, principal trainer and security specialist at Riscure, believes that it is very hard to stay in the game of device security, where attackers constantly compete with defenders, ...
Security Highlight: The Return of Rowhammer

Security Highlight: The Return of Rowhammer

Do you remember the Rowhammer attack? This surprising attack published in 2015 exploited cross-talk between DRAM memory cells. In this type of memory, data is stored in tiny capacitors that are ...
My journey at Riscure: Ruben Muijrers

My journey at Riscure: Ruben Muijrers

Do you know how Riscure products stay up-to-date with the latest research and industry developments? Ruben Muijrers, the Product Owner for True Code and Inspector Hardware Tools at Riscure, ...
Introducing Riscuberry, Riscure’s advanced embedded target

Introducing Riscuberry, Riscure’s advanced embedded target

Considering the changes in the security landscape, the new IoT target Riscuberry serves multiple purposes. Riscuberry is not only an up-to-date target for embedded security training but also a ...
Security Highlight: What to expect after the PS5 root key discovery?

Security Highlight: What to expect after the PS5 root key discovery?

On November 8, failOverflow reported finding the PS5 root keys for symmetric encryption. At first glance, this find may seem harmless as it will not directly provide code execution privileges. ...
Security Highlight: SmashEx threatens SGX applications on Intel chips

Security Highlight: SmashEx threatens SGX applications on Intel chips

Researchers from universities in Singapore, China, and Switzerland have discovered a novel way to compromise the security of SGX, the Trusted Execution Environment provided by Intel. The attack ...