Blog

Escalating Privileges in Linux using Fault Injection

Escalating Privileges in Linux using Fault Injection

Today’s standard embedded device technology is not robust against Fault Injection (FI) attacks such as Voltage Fault Injection (V-FI)
Safety does not equal Security in Automotive

Safety does not equal Security in Automotive

A security assessment of the resilience against fault injection attacks in ASIL-D certified microcontrollers
Secure Application Programming in the presence of Side Channel Attacks

Secure Application Programming in the presence of Side Channel Attacks

This paper introduces a collection of secure programming patterns for security critical devices. These patterns help developers to mitigate the risk of side channel attacks.
Practical steps to evaluate and protect Secure Boot

Practical steps to evaluate and protect Secure Boot

This paper reveals common weaknesses in Secure Boot implementations and proposes practical steps to enhance security of this critical element of an embedded system.
Learn how to keep your Over-The-Air Updates secure?

Learn how to keep your Over-The-Air Updates secure?

A perspective from the analysts at Riscure Security Lab, which was shared during SEMS, Paris on April 30th, 2017 by CEO Marc Witteman.
Controlling PC on ARM using Fault Injection

Controlling PC on ARM using Fault Injection

Fault injection attacks are a powerful technique to influence the intended behavior of embedded systems.
Why is it so hard to make secure chips?

Why is it so hard to make secure chips?

Why is it so hard to make secure chips? from Riscure
Unboxing the White-Box

Unboxing the White-Box

Typical threat modeling applied in cryptography involves a malicious third party attempting to access content. Download the whitepaper.
Fast and Memory-Efficient Key Recovery in Side-Channel Attacks

Fast and Memory-Efficient Key Recovery in Side-Channel Attacks

Side-channel attacks are techniques to attack implementations of cryptographic algorithms by observing its physical parameter. Read more.
Security Highlight: The Impact of Zenbleed

Security Highlight: The Impact of Zenbleed

In this blog post we discuss the recent hardware vulnerability in AMD Zen 2 processors.
Security Highlight: Stretching local attacks too far

Security Highlight: Stretching local attacks too far

We take a closer look at the recent research that attempted to convert one side channel to another.
Type-Aware Fuzzing with Security Benchmarks

Type-Aware Fuzzing with Security Benchmarks

In this blog post, we discuss the problem of harnessing C code for fuzzing.
Security Highlight: Fuzzing in Device Security

Security Highlight: Fuzzing in Device Security

Fuzzing is a dynamic security testing method that has been a hot topic lately. In theory, it allows to automate vulnerability finding: you set it up once and then run continuously, in order to ...
My journey at Riscure: Ronan Loftus

My journey at Riscure: Ronan Loftus

Ronan Loftus is a Senior Security Analyst at Riscure. Ronan joined us in 2017 when Riscure was a much smaller company. Since then, Ronan has been working on various software security testing and ...
Talking about Clock Glitching

Talking about Clock Glitching

Clock Glitching as a viable technique that can potentially uncover new vulnerabilities and thus is useful in a hardware security testing environment.
The challenges of Continuous Fuzzing

The challenges of Continuous Fuzzing

The attack area of embedded systems is large. The software must not only be secure in friendly operational conditions but also be resilient in a hostile environment where data may be ...
Real-time code coverage during a fuzzing test

Real-time code coverage during a fuzzing test

Arjen Rouvoet, Senior Software Developer at Riscure, talks about the specifics of applying a fuzzing technique in embedded systems.
My journey at Riscure: Diego Rivera

My journey at Riscure: Diego Rivera

Diego Rivera is a senior developer at the Riscure True Code team. Three years ago, Diego joined Riscure’s software development team and has been working with them on our tools since then. In ...