Solving Problems With The IoT


The Internet of Things, a term once applied to almost any "smart" gadget connected to the Internet, is becoming more useful, more complex, and more of a security risk as the value of data continues to grow and more people depend on IoT technology. In the decades since the concept was first introduced, IoT devices have become so ubiquitous that applications cover practically every consumer, c... » read more

Security Highlight: Exploiting Persistent Faults In Crypto


At the most recent CHES workshop, Hossein Hadipour of the Graz University of Technology presented an important step forward in exploiting persistent faults in crypto. Differential Fault Analysis (DFA) is a well-known attack class that can lead to the compromise of a secret key when faults are injected during the execution of a cryptographic implementation. However, injecting transient fault... » read more

Automotive Security Vulnerabilities From Afar


Don't confuse automotive security with automotive safety, things like functional safety (FuSa) and ISO 26262. You need security to have safety. But security is its own thing. In a modern connected car, there are two places for security vulnerabilities. One is in the car itself. And the other is back at base in the automotive manufacturer's (OEM in the jargon) data centers, which the cars are co... » read more

Forgotten Essence Of The Backend Penetration Testing


At Riscure we have observed many severe security issues exploited by hackers even in previously certified solutions. In recent years, certification, which aims to minimize security risks, has become more important, especially in the mobile application industry. However, certification compliance is sometimes still not sufficient. This is especially noticeable when the solution’s functionality ... » read more

Countering The Threat From Quantum Computers


Quantum computers hold much promise for the future, yet their computing power poses a significant threat to current security methods such as public key cryptography. In this white paper, Infineon will examine this issue in detail, propose an approach for future security based on TPMs and discuss current TPM technology. The reader can expect to gain a good appreciation of the security issues sur... » read more

Week In Review: Auto, Security, Pervasive Computing


The U.S. Department of Defense updated the directive that governs the development and fielding of autonomous and semi-autonomous weapon systems. The revisions include an expanded focus on artificial intelligence, and reference to recently-established organizations like the DoD’s Chief Digital and Artificial Intelligence Office. NIST released a new guidance document aimed at helping organi... » read more

EV Architectures Evolving For Communication, Connectivity


Electric vehicle architectures are rapidly evolving to accommodate multiple forms of connectivity, including in-vehicle, vehicle-to-vehicle, and vehicle-to-infrastructure communication. But so far, automotive OEMs have yet to come to a consensus on the winning technologies or the necessary standards — all of which will be necessary as cars become increasingly autonomous and increasingly inter... » read more

Architecting Hardware Protection For Data At Rest, In Motion, And In Use


Planning the security architecture for any device begins with the security threat model. The threat model describes the types of attacks that the device or application may face and needs to be protected against. It is based on what attackers can do, what level of control they have over the product (i.e., remote, or direct access), and how much money and effort they are willing and able to spend... » read more

Security Highlight: Compromising Printers Via Malicious Third-Party Cartridges


This fall, HP Inc. published an article describing a buffer overflow vulnerability in their printer software which would allow an attacker to obtain persistent remote code execution on the printer. Buffer overflow vulnerabilities are common, but what makes this one noteworthy is that it can be exploited remotely by a malicious third-party printer cartridge. In the printer ecosystem, there ... » read more

Navigating The Intersection Of Safety And Security


Automotive IC safety and security continue to be hot topics across the industry, and one phrase you may often hear during discussion is: An automotive IC can be secure without needing to be safe, but an automotive IC cannot be safe without also being secure. Adding a bit of detail to that: An automotive IC which has an incomplete security architecture provides potential attack vectors w... » read more

← Older posts Newer posts →