Blog

Fault injection on automotive diagnostic protocols

Fault injection on automotive diagnostic protocols

From the beginning of the electronics era in vehicles, car manufacturers have been trying to simplify how to troubleshoot problems in their vehicles.
The Threat of Security Vulnerabilities in Today’s Connected Automotive World

The Threat of Security Vulnerabilities in Today’s Connected Automotive World

The evolution of automotive systems has brought us into a world where both highly connected and autonomously operated vehicles are becoming commonplace.
Mobile Banking application security

Mobile Banking application security

In this paper we present the critical security challenges that Mobile Banking applications face in today’s market.
Bypassing Secure Boot using Fault Injection

Bypassing Secure Boot using Fault Injection

Watch the video of this research presented at SHA2017
Escalating Privileges in Linux using Fault Injection

Escalating Privileges in Linux using Fault Injection

Today’s standard embedded device technology is not robust against Fault Injection (FI) attacks such as Voltage Fault Injection (V-FI)
Safety does not equal Security in Automotive

Safety does not equal Security in Automotive

A security assessment of the resilience against fault injection attacks in ASIL-D certified microcontrollers
Secure Application Programming in the presence of Side Channel Attacks

Secure Application Programming in the presence of Side Channel Attacks

This paper introduces a collection of secure programming patterns for security critical devices. These patterns help developers to mitigate the risk of side channel attacks.
Practical steps to evaluate and protect Secure Boot

Practical steps to evaluate and protect Secure Boot

This paper reveals common weaknesses in Secure Boot implementations and proposes practical steps to enhance security of this critical element of an embedded system.
Learn how to keep your Over-The-Air Updates secure?

Learn how to keep your Over-The-Air Updates secure?

A perspective from the analysts at Riscure Security Lab, which was shared during SEMS, Paris on April 30th, 2017 by CEO Marc Witteman.
New ISO/SAE 21434 security standard and its effect on the industry

New ISO/SAE 21434 security standard and its effect on the industry

Recently, the new ISO/SAE 21434 security standard was published. The publication of the long-awaited standard marks a major milestone in automotive security.
Security highlight: What did we learn in 20 years of security evaluation?

Security highlight: What did we learn in 20 years of security evaluation?

This month we celebrate 20 years of Riscure, and, as it happens, device security evaluation and certification emerged during that period. Whereas regulation is still limited to the most ...
Security Highlight: Device lifespan implications on security

Security Highlight: Device lifespan implications on security

Electronic devices have a limited lifetime. Not so much because the electronics wear out, but because the technology ages. A typical example is a smartphone. People replace them because they ...
Security Highlight: Multi-fault attacks are practical

Security Highlight: Multi-fault attacks are practical

Hardware Fault Injection is increasingly recognized as a dangerous alternative, or prelude, to pure software attacks. While FI attacks are often technically complex and require physical access ...
Security Highlight: 5G Device Connectivity is not an attack target, but an attack enabler

Security Highlight: 5G Device Connectivity is not an attack target, but an attack enabler

On the device side, we can distinguish the 5G communication stack and the non-communication part of the device (including the hardware, OS, and applications).
Security Highlight: How bad is the Apple AirTag hack?

Security Highlight: How bad is the Apple AirTag hack?

Apple recently introduced the AirTag, a small 30$ device that helps you locate lost or stolen items.
Is software security attainable?

Is software security attainable?

Software security is widely considered an increasing concern. Daily reports of data breaches and hacked products feed the perception that everything is broken.
Security Highlight: How Hackers Obtain Remote-Code-Execution in WhatsApp

Security Highlight: How Hackers Obtain Remote-Code-Execution in WhatsApp

CENSUS Labs has recently identified several vulnerabilities in the popular WhatsApp Android application.
Analyzing developments in the latest version of the Movielabs’ Enhanced Content Protection Specification

Analyzing developments in the latest version of the Movielabs’ Enhanced Content Protection Specification

In this blog post will highlight some interesting developments introduced in this new version of the specification that are worth the attention of content protection professionals.