
Riscure Blog

On November 8, fail0verflow reported finding the PS5 root keys for symmetric encryption. At first glance, this find may seem harmless, as it does not directly provide code execution privileges. These keys only serve to keep the firmware confidential. In addition, since this report, the internet has remained rather silent on the topic, so this may seem like an innocent isolated incident.

11/01/2022

Researchers from universities in Singapore, China, and Switzerland have discovered a novel way to compromise the security of SGX, the Trusted Execution Environment provided by Intel. The attack allows a privileged attacker to retrieve secrets processed in a secure enclave, which negates the benefit of the enclave.

10/11/2021

This month we celebrate 20 years of Riscure, and, as it happens, device security evaluation and certification emerged during that period. Whereas regulation is still limited to the most sensitive products, we also see a trend towards more semi-formal and voluntary certification for more products.

06/10/2021

Electronic devices have a limited lifetime. Not so much because the electronics wear out, but because the technology ages. A typical example is a smartphone. People replace them because they seek the newest features, like communication speed, screen size, biometrics, and energy capacity. Due to the fast technological advancements, smartphones have an average lifespan of only 2.5 years. However, this parameter varies per product. TVs have a life expectancy of 6 years, and cars even survive 12 years.

02/09/2021

Hardware Fault Injection (FI) is increasingly recognized as a dangerous alternative, or prelude, to pure software attacks. While FI attacks are often technically complex and require physical access to a device, they open up a world of attack opportunities, leaving almost every line of code vulnerable.

10/08/2021

On the device side, we can distinguish the 5G communication stack and the non-communication part of the device (including the hardware, OS, and applications).

13/07/2021

Apple recently introduced the AirTag, a small $30 device that helps you locate lost or stolen items.

09/06/2021

CENSUS Labs has recently identified several vulnerabilities in the popular WhatsApp Android application.

12/05/2021

Our team did a deep dive into TEEGRIS, Samsung's newest TEE. As a result, we proved that this TEE, introduced in 2019 for the Galaxy S10, can be fully compromised by a determined expert. The research is documented in a series of technical blogs, but here we summarize the results and lessons for the non-technical reader.

07/04/2021