Blog

Controlling PC on ARM using Fault Injection

Controlling PC on ARM using Fault Injection

Fault injection attacks are a powerful technique to influence the intended behavior of embedded systems.
Why is it so hard to make secure chips?

Why is it so hard to make secure chips?

Why is it so hard to make secure chips? from Riscure
Unboxing the White-Box

Unboxing the White-Box

Typical threat modeling applied in cryptography involves a malicious third party attempting to access content. Download the whitepaper.
Fast and Memory-Efficient Key Recovery in Side-Channel Attacks

Fast and Memory-Efficient Key Recovery in Side-Channel Attacks

Side-channel attacks are techniques to attack implementations of cryptographic algorithms by observing its physical parameter. Read more.
Risk mitigation for sensitive applets in a multi-application context

Risk mitigation for sensitive applets in a multi-application context

Java Cards typically host multiple applets. These are provided in binary CAP files, containing library code or applets.
How to secure HCE

How to secure HCE

How to secure HCE from Riscure
Practical Differential Fault Attack on AES

Practical Differential Fault Attack on AES

Practical Differential Fault Attack on AES from Riscure
Optical fault injection on secure Microcontrollers

Optical fault injection on secure Microcontrollers

In this paper we detail the latest developments regarding optical fault injection on secure microcontrollers.
Defeating RSA Countermeasures

Defeating RSA Countermeasures

Defeating RSA Multiply-Always and Message Blinding Countermeasures from Riscure
Security highlight: What did we learn in 20 years of security evaluation?

Security highlight: What did we learn in 20 years of security evaluation?

This month we celebrate 20 years of Riscure, and, as it happens, device security evaluation and certification emerged during that period. Whereas regulation is still limited to the most ...
Security Highlight: Device lifespan implications on security

Security Highlight: Device lifespan implications on security

Electronic devices have a limited lifetime. Not so much because the electronics wear out, but because the technology ages. A typical example is a smartphone. People replace them because they ...
Security Highlight: Multi-fault attacks are practical

Security Highlight: Multi-fault attacks are practical

Hardware Fault Injection is increasingly recognized as a dangerous alternative, or prelude, to pure software attacks. While FI attacks are often technically complex and require physical access ...
Security Highlight: 5G Device Connectivity is not an attack target, but an attack enabler

Security Highlight: 5G Device Connectivity is not an attack target, but an attack enabler

On the device side, we can distinguish the 5G communication stack and the non-communication part of the device (including the hardware, OS, and applications).
Security Highlight: How bad is the Apple AirTag hack?

Security Highlight: How bad is the Apple AirTag hack?

Apple recently introduced the AirTag, a small 30$ device that helps you locate lost or stolen items.
Is software security attainable?

Is software security attainable?

Software security is widely considered an increasing concern. Daily reports of data breaches and hacked products feed the perception that everything is broken.
Security Highlight: How Hackers Obtain Remote-Code-Execution in WhatsApp

Security Highlight: How Hackers Obtain Remote-Code-Execution in WhatsApp

CENSUS Labs has recently identified several vulnerabilities in the popular WhatsApp Android application.
Analyzing developments in the latest version of the Movielabs’ Enhanced Content Protection Specification

Analyzing developments in the latest version of the Movielabs’ Enhanced Content Protection Specification

In this blog post will highlight some interesting developments introduced in this new version of the specification that are worth the attention of content protection professionals.
Security evaluation of a smart device: D-Link DIR 2680 router

Security evaluation of a smart device: D-Link DIR 2680 router

In this blog post, Riscure’s security analyst Naasa Fikri and senior trainer/senior security analyst Yashin Mehaboobe illustrate a common approach for a light security assessment of smart home ...