RESOURCES

Blogs | INSIGHTS | May 22, 2012

ST19XL18P – K5F0A Teardown

A 4-metal, 350 nanometer fabrication process, EAL4+ smart card. The device was fabricated in 2002, and yet today the only main differences in the latest ST19W/N series are the ROM data bus output width into the decrypt block and the fabrication process (180nm and 150nm shrink). The device was dipped into a hydrofluoric (HF) acid bath until the active shielding fell off. This saved about 10 minutes of polishing to remove the surface oxide and Metal 4 (M4). This also helps begin the polishing process on the lower layers fairly evenly…

IOActive
Blogs | INSIGHTS | March 20, 2011

Blackhat TPM Talk Follow-up

Since speaking at BlackHat DC 2009, there have been several inquiries regarding the security of the SLE66PE series smartcard family. Here are some issues that should be pointed out: We have heard, “..it took 6 months to succeed..” The reality is it took 4 months to tackle obstacles found in any <200nm device such as:

1. Capacitance/load of probe needles when chip is running.
2. Powering the device inside the chamber of a FIB workstation.
3. Level-shifting a 1.8v core voltage following what we learned in #1 above.
4. Cutting out metal…

Cesar Cerrudo
Blogs | INSIGHTS | February 13, 2008

Atmel CryptoMemory AT88SC153/1608 :: Security Alert

A “backdoor” has been discovered by Flylogic Engineering in the Atmel AT88SC153 and AT88SC1608 CryptoMemory. Before we get into this more, we want to let you know immediately that this backdoor only involves the AT88SC153/1608 and no other CryptoMemory devices. The backdoor involves restoring an EEPROM fuse with ultraviolet (UV) light. Once the fuse bit has been returned to a ‘1’, all memory contents are permitted to be read or written in the clear (unencrypted). Normally in order to do so, you need to either authenticate to the device or…

IOActive

Arm IDA and Cross Check: Reversing the 787’s Core Network

IOActive has documented detailed attack paths and component vulnerabilities to describe the first plausible, detailed public attack paths to effectively reach the avionics network on a 787 commercial airplane from either non-critical domains, such as Passenger Information and Entertainment Services, or even external networks.
