Riscure Blog

Recently, Apple introduced a useful but potentially dangerous feature to its iPhones. Most of us would assume that a phone becomes inactive when it is switched off by the user or shuts down because the battery is empty. Surprisingly, newer iPhones keep limited functionality for several hours in Low Power Mode, and even when they are powered off: cards in the Wallet and the Find My service keep working. This feature caught the attention of researchers at TU Darmstadt, resulting in an interesting paper.

Experienced hackers know that a successful exploit usually requires a series of vulnerabilities, the stepping stones. Combined, these vulnerabilities form the attack path, and every one of them is needed: remove a single stepping stone and the path no longer works.

The global chip shortage is causing a variety of problems in electronics supply chains, from lead times of over two years to ten-fold price increases. Riscure has seen such shortages affect the low-level functionality of embedded devices as well as various DRM systems, from smart TVs that protect the keys for streaming content to label printer consumables fitted with radio-frequency identification (RFID) tags. The lesson is to plan for the worst outcome, and to make sure that the necessary changes to the schematics, or a switch to a different component type, do not weaken security.

Do you remember the Rowhammer attack? This surprising attack, first published in 2014 and turned into a working privilege-escalation exploit in 2015, exploits disturbance effects between neighboring rows of DRAM cells. In this type of memory, each bit is stored in a tiny capacitor that leaks charge and therefore has to be refreshed periodically; activating a neighboring row over and over again, faster than the refresh can compensate, makes some cells lose their charge and flips their bits.
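The hammering loop behind the attack is short, and seeing it makes the mechanism concrete. The following is an added example, written for this page and not taken from the Riscure post or the original Rowhammer research: it fills a buffer with a known pattern, repeatedly reads and cache-flushes random address pairs so that every access reaches DRAM, and then counts how many bits differ from the pattern. Buffer size, pair count and iteration count in `main` are illustrative choices; a real test uses hundreds of megabytes and many millions of accesses per pair, and the flush uses the x86 `clflush` instruction (on other architectures the loop below only hits the cache and does not stress the memory). Modern DRAM with ECC or target-row-refresh will typically report zero flips.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#if defined(__x86_64__) || defined(__i386__)
#include <emmintrin.h>
/* Evict the line from all cache levels so the next read goes to DRAM. */
#define FLUSH(p) _mm_clflush((const void *)(p))
#else
/* Assumption: no flush available here; the loop still runs but stays in cache,
   so it does not exercise the DRAM rows at all. */
#define FLUSH(p) ((void)(p))
#endif

/* Deterministic xorshift generator so a run is reproducible (assumed seed). */
static uint64_t rng_state = 0x9E3779B97F4A7C15ull;
static uint64_t xorshift64(void) {
    uint64_t x = rng_state;
    x ^= x << 13; x ^= x >> 7; x ^= x << 17;
    return rng_state = x;
}

/* Hammer two addresses: read both, flush both, repeat. Each read after a
   flush forces a DRAM row activation of the row holding that address. */
static unsigned hammer_pair(volatile uint8_t *a, volatile uint8_t *b, unsigned iters) {
    unsigned sink = 0;
    for (unsigned i = 0; i < iters; i++) {
        sink += *a;
        sink += *b;
        FLUSH(a);
        FLUSH(b);
    }
    return sink; /* returned so the reads cannot be optimized away */
}

/* Count bits in buf[0..n) that differ from the fill pattern. */
static long count_flips(const uint8_t *buf, size_t n, uint8_t pattern) {
    long flips = 0;
    for (size_t i = 0; i < n; i++) {
        unsigned d = (unsigned)(buf[i] ^ pattern);
        while (d) { flips += d & 1u; d >>= 1; }
    }
    return flips;
}

/* Allocate buf_bytes, fill with `pattern`, hammer `pairs` random address
   pairs `iters` times each, and return the number of flipped bits.
   Returns -1 if the allocation fails. */
long hammer_and_count_flips(size_t buf_bytes, unsigned pairs, unsigned iters, uint8_t pattern) {
    uint8_t *buf = malloc(buf_bytes);
    if (!buf) return -1;
    memset(buf, pattern, buf_bytes);
    for (unsigned p = 0; p < pairs; p++) {
        size_t ia = (size_t)(xorshift64() % buf_bytes);
        size_t ib = (size_t)(xorshift64() % buf_bytes);
        (void)hammer_pair(buf + ia, buf + ib, iters);
    }
    long flips = count_flips(buf, buf_bytes, pattern);
    free(buf);
    return flips;
}

int main(void) {
    /* Illustrative sizes; a serious run needs a much larger buffer and far more iterations. */
    long flips = hammer_and_count_flips((size_t)1 << 20, 64, 500000, 0xFF);
    if (flips < 0) { fprintf(stderr, "allocation failed\n"); return 1; }
    printf("bit flips observed: %ld\n", flips);
    return 0;
}
```

Picking random pairs is the single-sided approach; targeted double-sided hammering additionally needs the physical address to DRAM row mapping so that the two aggressor rows sandwich the victim row, which is what makes the attack practical rather than probabilistic.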

On November 8, fail0verflow reported that they had recovered the PS5 root keys for symmetric encryption. At first glance, this find may seem harmless, as it does not directly provide code execution privileges: these keys only serve to keep the firmware confidential. In addition, the internet has remained rather silent on the topic since the report, so this may look like an innocent, isolated incident.

Researchers from universities in Singapore, China, and Switzerland have discovered a novel way to compromise the security of SGX, the Trusted Execution Environment provided by Intel. The attack allows a privileged attacker to retrieve secrets processed inside a secure enclave, which defeats the purpose of the enclave: it is meant to protect exactly against a privileged attacker such as a malicious operating system.

This month we celebrate 20 years of Riscure and, as it happens, device security evaluation and certification emerged during that same period. Whereas regulation is still limited to the most sensitive products, we also see a trend towards semi-formal and voluntary certification for a wider range of products.

Electronic devices have a limited lifetime, not so much because the electronics wear out, but because the technology ages. A typical example is the smartphone: people replace them because they want the newest features, such as communication speed, screen size, biometrics, and battery capacity. Due to the fast pace of technological advancement, smartphones have an average lifespan of only 2.5 years. This figure varies per product, however: TVs have a life expectancy of 6 years, and cars even survive 12 years.

Hardware Fault Injection (FI) is increasingly recognized as a dangerous alternative, or prelude, to pure software attacks. While FI attacks are often technically complex and require physical access to a device, they open up a world of attack opportunities: since a glitch can skip or corrupt almost any instruction, almost every line of code becomes vulnerable, including the security checks that software attacks cannot get past.
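What "every line of code vulnerable" means in practice is easiest to see on a PIN or signature check. The following is an added example written for this page, not code from the Riscure post: `verify_naive` is the usual single-compare check, where one skipped branch or one corrupted register turns a wrong PIN into an accepted one, and `verify_hardened` applies the standard FI countermeasures (no early exit, a loop-completion counter, a redundant second decision, and wide non-trivial return constants instead of 0/1). The names, constants and the 4-byte sample PIN are assumptions for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed pass/fail constants: far apart in Hamming distance, and neither is
   0 or 1, so a single bit or register glitch is unlikely to produce "pass". */
#define AUTH_OK   0x3CA5u
#define AUTH_FAIL 0xC35Au

/* Naive check: one compare, one boolean. Skipping the conditional jump, or
   zeroing the register that holds memcmp's result, accepts any input.
   Kept deliberately weak as the "before" case. */
int verify_naive(const uint8_t *given, const uint8_t *expected, size_t n) {
    if (memcmp(given, expected, n) == 0)
        return 1;
    return 0;
}

/* Hardened check:
   - accumulates all byte differences with no early exit (also constant-time),
   - counts iterations so a skipped or shortened loop is detected,
   - takes the decision twice, in two different forms, so one glitch cannot flip it,
   - returns wide constants rather than 0/1.
   Volatile keeps the compiler from folding the redundant checks away. */
uint32_t verify_hardened(const uint8_t *given, const uint8_t *expected, size_t n) {
    volatile uint32_t diff = 0;
    volatile size_t steps = 0;

    for (volatile size_t i = 0; i < n; i++) {
        diff |= (uint32_t)(given[i] ^ expected[i]);
        steps++;
    }

    /* Loop integrity: exactly n bytes must have been visited. */
    if (steps != n) return AUTH_FAIL;

    /* First decision. */
    if (diff != 0) return AUTH_FAIL;

    /* Redundant decision in inverted form: skipping the first test alone is
       not enough to reach AUTH_OK. */
    if ((diff ^ 0xFFFFFFFFu) != 0xFFFFFFFFu) return AUTH_FAIL;

    /* Re-check the counter after the decisions, in case that was the skipped one. */
    if (steps != n) return AUTH_FAIL;

    return AUTH_OK;
}

int main(void) {
    /* Constructed sample inputs. */
    const uint8_t pin[4]   = { 1, 2, 3, 4 };
    const uint8_t wrong[4] = { 1, 2, 3, 5 };

    printf("naive:    correct=%d wrong=%d\n",
           verify_naive(pin, pin, 4), verify_naive(wrong, pin, 4));
    printf("hardened: correct=%s wrong=%s\n",
           verify_hardened(pin, pin, 4) == AUTH_OK ? "AUTH_OK" : "AUTH_FAIL",
           verify_hardened(wrong, pin, 4) == AUTH_OK ? "AUTH_OK" : "AUTH_FAIL");
    return 0;
}
```

Callers must test for `== AUTH_OK`, never for `!= AUTH_FAIL`: a glitched return value is most likely to be neither constant, and the fail-closed comparison treats that as a failure. These patterns raise the number of faults an attacker must inject precisely, they do not make a check unglitchable, which is why they are combined with sensors and unpredictable timing in real secure elements.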