Blog

Bypassing Secure Boot using Fault Injection

Bypassing Secure Boot using Fault Injection

Watch the video of this research presented at SHA2017
Escalating Privileges in Linux using Fault Injection

Escalating Privileges in Linux using Fault Injection

Today’s standard embedded device technology is not robust against Fault Injection (FI) attacks such as Voltage Fault Injection (V-FI)
Safety does not equal Security in Automotive

Safety does not equal Security in Automotive

A security assessment of the resilience against fault injection attacks in ASIL-D certified microcontrollers
Secure Application Programming in the presence of Side Channel Attacks

Secure Application Programming in the presence of Side Channel Attacks

This paper introduces a collection of secure programming patterns for security critical devices. These patterns help developers to mitigate the risk of side channel attacks.
Practical steps to evaluate and protect Secure Boot

Practical steps to evaluate and protect Secure Boot

This paper reveals common weaknesses in Secure Boot implementations and proposes practical steps to enhance security of this critical element of an embedded system.
Learn how to keep your Over-The-Air Updates secure?

Learn how to keep your Over-The-Air Updates secure?

A perspective from the analysts at Riscure Security Lab, which was shared during SEMS, Paris on April 30th, 2017 by CEO Marc Witteman.
Controlling PC on ARM using Fault Injection

Controlling PC on ARM using Fault Injection

Fault injection attacks are a powerful technique to influence the intended behavior of embedded systems.
Why is it so hard to make secure chips?

Why is it so hard to make secure chips?

Why is it so hard to make secure chips? from Riscure
Unboxing the White-Box

Unboxing the White-Box

Typical threat modeling applied in cryptography involves a malicious third party attempting to access content. Download the whitepaper.
Security Highlight: CPU Fuzzing

Security Highlight: CPU Fuzzing

We look at the recent publication in the growing field of pre-silicon security analysis, particularly in CPU fuzzing.
My internship at Riscure: Utsav Dayal

My internship at Riscure: Utsav Dayal

In this blog post, Security Analyst Utsav Dayal shares his internship experience at Riscure and discusses the research he worked on.
Flipper Zero – The Controversial Pentesting Tool That Went Viral

Flipper Zero – The Controversial Pentesting Tool That Went Viral

Flipper Zero - a pocket-sized hacking tool - is stirring debates in the device security community.
Security Highlight: You may be leaking secrets if you don’t keep your pace

Security Highlight: You may be leaking secrets if you don’t keep your pace

At the recent CHES conference in Prague a team from Karlsruhe Institute of Technology reported a new side channel and a successful attack.
Security Highlight: The Impact of Zenbleed

Security Highlight: The Impact of Zenbleed

In this blog post we discuss the recent hardware vulnerability in AMD Zen 2 processors.
Security Highlight: Stretching local attacks too far

Security Highlight: Stretching local attacks too far

We take a closer look at the recent research that attempted to convert one side channel to another.
Type-Aware Fuzzing with Security Benchmarks

Type-Aware Fuzzing with Security Benchmarks

In this blog post, we discuss the problem of harnessing C code for fuzzing.
Security Highlight: Fuzzing in Device Security

Security Highlight: Fuzzing in Device Security

Fuzzing is a dynamic security testing method that has been a hot topic lately. In theory, it allows to automate vulnerability finding: you set it up once and then run continuously, in order to ...
My journey at Riscure: Ronan Loftus

My journey at Riscure: Ronan Loftus

Ronan Loftus is a Senior Security Analyst at Riscure. Ronan joined us in 2017 when Riscure was a much smaller company. Since then, Ronan has been working on various software security testing and ...