Riscure announces the latest release of True Code, a software tool, which helps software developers to identify and mitigate security vulnerabilities in embedded code. One of the major updates in the 2022.2 version is the expanded ability to simulate Fault Injection attacks. Simulation within True Code enables development teams to create test scenarios that can run automatically during the daily build process without the need for the physical hardware the software is developed for. This will make sure that potential Fault Injection vulnerabilities are detected in the early development stages at which time mitigating them is easier, cheaper, and faster.
New Features
One of the new features of Dynamic Analysis supports multiple-glitch attempts in a single Fault Injection (FI) simulation. With this feature, users can choose to run a simulation run not on 1 but up to 4 glitches. In real-world attacks, multiple precise glitches can be more powerful because they can be used to circumvent countermeasures for single-glitch attacks. The new multiple-glitch feature helps customers identify code that is vulnerable to these attacks in order to mitigate them and brings True Code simulation even closer to reality
Another important new feature within the Dynamic Analysis is the Parallel FI Simulation and Fuzzing, which will boost performance and total throughput time based on the resources that you can allocate for these tests. Riscure True Code Dynamic Analyses are now multi-threaded, allowing multiple cores on a machine to run the same analysis simultaneously with different inputs/seeds. This feature can significantly increase the number of simulations and fuzzer tests, finding more vulnerabilities and security bugs in less time.
Other improvements and bug fixes
This release includes a number of improvements and fixes, both on the user experience side, and on the analyses themselves. Most notably, the stubbing workflow has been improved and its capability of handling more code bases. Furthermore, several static analyses have been refined to find more potential bugs, and report their results more precisely. Moreover, both static and dynamic analysis is more informative about their operations and it is now more responsive to commands.
These are only some of the important updates introduced in the Riscure True Code version 2022.2. To learn more about True Code, follow this link. For more information about Riscure solutions for developers, reach out to us at welove.fi@riscure.com.