Thought leaders in information security, we conduct radical, world-changing research and deliver renowned presentations around the world.
Blogs | INSIGHTS | March 20, 2011

Blackhat TPM Talk Follow-up

Since speaking at BlackHat DC 2009, there have been several inquiries in regards to the security of the SLE66PE series smartcard family. Here are some issues that should be pointed out: We have heard, “ took 6 months to succeed..” The reality is it took 4 months to tackle obsticles found in any <200nm device such as: Capitance/load of probe needles when chip is running.   Powering the device inside the chamber of a FIB workstation.   Level-shifting a 1.8v core voltage following what we learned in #1 above.   Cutting out metal…

Cesar Cerrudo
Blogs | INSIGHTS | August 9, 2010

Atmel ATMEGA2560 Analysis (Blackhat follow-up)

At this years Blackhat USA briefings, the ATMEGA2560 was shown as an example of an unsecure vs. secure device.  We have received a few requests for more information on this research so here it goes… The device did not even need to be stripped down because of designer lazyness back at Atmel HQ.  All we did was look for the metal plates we detailed back in our ATMEGA88 teardown last year and quickly deduced which outputs were the proper outputs in under 20 minutes. Atmel likes to…

Cesar Cerrudo
Blogs | INSIGHTS | August 7, 2010

Parallax Propeller P8X32A Quick Teardown

Parallax has a really neat 8 core 32 bit CPU called the ‘Propeller’.  It’s been out for a few years but it is gaining popularity.  There is no security with the device as it boots insecurely via a UART or I2C EEPROM.  None the less, we thought it was interesting to see an 8 core CPU decapsulated! One can clearly see 8 columns that appear almost symmetric (except in the middle region).  The upper 8 squares are each ‘cogs’ 512 * 32 SRAMs as described in the…

Cesar Cerrudo

Arm IDA and Cross Check: Reversing the 787’s Core Network

IOActive has documented detailed attack paths and component vulnerabilities to describe the first plausible, detailed public attack paths to effectively reach the avionics network on a 787, commercial airplane from either non-critical domains, such as Passenger Information and Entertainment Services, or even external networks.