diamond_full diamond diamond_half diamond_euro search-icon menu chat-icon close-icon envelope-icon smartphone-call-icon

Themen

embedded security

preview-image for PROBoter title image

Visual PCB analysis with Neural Networks and classic Computer Vision algorithms

8. August, 2022 #proboter #embedded security #secforcars #toolrelease

The last part of the PROBoter series introduced the heart of the PROBoter framework - the hardware platform. The platform allows (semi) automated electrical probing of an unknown PCB which is usually a very time consuming and error prone task. This post focuses on methods to automate the initial analysis step of an embedded system - the visual analysis of the PCB(s) forming the device under test.

preview-image for PROBoter video title image

SecForCARs Demo Video of our PROBoter released

2. Februar, 2022 #proboter #automotive security #embedded security #secforcars #toolrelease #news

The PROBoter is a modular, self-calibrating probing machine to support PCB analysis tasks in penetration tests of embedded systems. The video of the PROBoter demonstrates its four main contributions: 1) The automatic visual detection of components and contact points on a PCB, 2) the automatic probing of contact points for net reversing and signal detection, 3) the mapping of signal lines to given bus protocols, and 4) the support in identification of potential attack vectors.

preview-image for PROBoter title image

The PROBoter hardware platform

2. Februar, 2022 #proboter #embedded security #secforcars #toolrelease

The first part of the PROBoter series gave an introduction to the manual process of embedded system pentesting. It then showed a possible automated workflow which will be implemented in the form of the PROBoter platform. After a longer phase of further internal development and evaluation, this post describes the core component of the PROBoter framework - a hardware platform for automated electrical probing and PCB image generation.

preview-image for TCC803x Setup

Embedded Security Assessment of a TeleChips SoC

19. Januar, 2022 #automotive security #embedded security #methodologies #research

A System-on-a-Chip (SoC) is regularly used in the automotive domain to build electronic control units (ECUs) with high demands on different functionalities and computation power. TeleChips, as a leading supplier of SoC components for automotive In-Vehicle Infotainment and cockpit solutions, chose SCHUTZWERK as an independent and experienced provider for automotive and embedded security assessments to analyze their new SoC series TCC803x (Dolphin+). This success story summarizes the approach and results of the comprehensive security assessment.

preview-image for Logo

Power analysis based software reverse engineering assisted by fuzzing II

3. September, 2020 #embedded security #secforcars #power analysis #reverse engineering #fuzzing #attacks

In the previous post a setup and a technique to extract a representative section of a powertrace of a specific instruction of a STM32F3 processor were described. This section is called a “template”. These templates should later be used to identify instructions via a power sidechannel and reconstruct the flow of an unknown program on a controller that can not be dumped via JTAG. In this part of our poweranalysis series the extracted templates from the previous post will be analyzed to determine whether they are representative enough to reverse engineer entire programs from a powertrace.

preview-image

Power analysis based software reverse engineering assisted by fuzzing I

26. August, 2019 #embedded security #secforcars #power analysis #reverse engineering #fuzzing #attacks

This is the first part of a three part series about power analysis based software reverse engineering. It is part of our work in the SecForCARs project and the bachelor thesis ‘Poweranalyse basiertes Software Reverse Engineering mit Hilfe von Fuzzing’. The results will be summarized in this blogpost series. In this first part the goals of the research and the power analysis template extraction process are presented.

preview-image for CTF-Aalen-2019.png

SCHUTZWERK CTF Event an der Hochschule Aalen

29. März, 2019 #news #ctf #cooperation #embedded security

In Kooperation mit der Hochschule Aalen veranstaltete SCHUTZWERK ein weiteres erfolgreiches Hacking Event für die Studenten. Im Rahmen der ganztägigen Veranstaltung arbeiteten die Studenten an Aufgaben aus verschiedenen Kategorien und Schwierigkeitsgraden. Neu dazu in diesem Jahr kamen, neben den aktualisierten Challenges in den gängigen Bereichen, Aufgaben aus dem Themengebiet Hardware / Embedded Security. An dieser Stelle möchten wir uns für die Kooperation mit der Hochschule sehr bedanken und beglückwünschen nochmals alle Gewinner des Events.

preview-image for Image of the Modify the Threats Tab of the TMTe4PT tool.

Threat Modeling with TMTe4PT

20. Februar, 2019 #threat modeling #toolrelease #automotive security #secforcars #embedded security

From a traditional point of view, vehicles used to be closed systems in which components communicated between each other over a central vehicle bus and no connection to remote systems was possible. However, this has drastically changed during the last years with increasing connectivity and autonomy of today’s vehicles. While car manufacturers have a long experience in dealing with safety problems, dealing with security risks raised by this development is a relatively new domain for them.

preview-image for Logo

Visiting the hardwear.io 2018 conference in Den Haag

15. September, 2018 #embedded security #event #reverse engineering #ctf

For the second year SCHUTZWERK was a sponsor of the hardwear.io conference in Den Haag. This year, we attended the conference with 3 employees focused on hardware and embedded security. The Training Session One of our hardware specialists, Heiko Ehret, learned how to reverse engineer a microchip in the training IC reverse engineering 101 from Tuesday to Wednesday. In this training the principles of gaining access to the DIE of a chip were presented and in the practical part for example photos, which were taken with a scanning electron microscope (SEM), were analyzed to extract the computational structure as well as reading out the contents of the memories.

preview-image for hardwear-logo.jpg

SCHUTZWERK ist Sponsor der hardwear.io 2018

30. August, 2018 #news #sponsor #event #embedded security #research

Vom 11.-14. September findet in Den Haag/Niederlanden die hardwear.io Konferenz statt. Die SCHUTZWERK GmbH ist offizieller Sponsor der Veranstaltung und mit mehreren Teilnehmern vor Ort. hardwear.io ist eine Konferenz zum Themengebiet Hardwaresicherheit. Auf der Konferenz werden aktuelle Themen der Hardwaresicherheit vorgestellt und diskutiert, beispielsweise aus den Bereichen Automotive oder IoT. SCHUTZWERK führt regelmäßig technische Assessments und Sicherheitsberatungen im Bereich eingebetteter Systeme und IoT durch, mehr dazu auch unter Prüfung eingebetteter Systeme .

preview-image for Main Tab

Canalyzat0r

14. Februar, 2018 #embedded security #toolrelease #automotive security #fuzzing

Disclaimer: The elaboration and software project associated to this subject are results of a Bachelor’s thesis created at SCHUTZWERK in collaboration with Aalen University by Philipp Schmied. While car manufacturers steadily refine and advance vehicle systems, requirements of the underlying networks increase even further. Striving for smart cars, a fast-growing amount of components are interconnected within a single car. This results in specialized and often proprietary car protocols built based on standardized technology.

preview-image for hardwear-logo.jpg

SCHUTZWERK ist Sponsor der hardwear.io 2017

9. Juni, 2017 #news #sponsor #event #embedded security #research

Vom 21.-22. September findet in Den Haag/Niederlanden die hardwear.io Konferenz statt. Die SCHUTZWERK GmbH ist offizieller Sponsor der Veranstaltung und mit mehreren Teilnehmern vor Ort. hardwear.io ist eine Konferenz zum Themengebiet Hardwaresicherheit. Auf der Konferenz werden aktuelle Themen der Hardwaresicherheit vorgestellt und diskutiert, beispielsweise aus den Bereichen Automotive oder IoT. SCHUTZWERK führt regelmäßig technische Assessments und Sicherheitsberatungen im Bereich eingebetteter Systeme und IoT durch, mehr dazu auch unter Prüfung eingebetteter Systeme .