RF4CE Protocol Introduction

By Marcus Barbu

August 19, 2019

In the course of security assessments we often come across protocols and communication methods that are not widely known outside of specific industry use. This article is the first in a series of deep dives on one such protocol, RF4CE. In this article, we cover the background of RF4CE and its use cases, and provide an introduction to the basics of the protocol.

River Loop Security team members invited to speak at DARPA’s 2019 Electronics Resurgence Initiative Summit

July 15, 2019

River Loop Security’s team members were invited to provide the opening presentation at DARPA’s 2019 Electronics Resurgence Initiative (ERI) Summit Workshop on “Security: From Chip to Board”. Ryan Speers, Partner at River Loop Security, and Sophia d’Antoine, Program Analysis Lead at River Loop Security, will be presenting “Supply Chain Security at the Hardware Level”. DARPA’s Microsystems Technology Office is hosting the 2019 ERI Summit to highlight advances in electronics for semiconductor designers, manufacturers, and a broad electronics user base across industries including automotive, telecommunications, and defense.

River Loop Security Presents Interactive Workshop at Energy Industry Security Event

June 25, 2019

River Loop Security taught an interactive seminar at the CREDC Summer Symposium on June 25th, 2019 in St. Charles, IL. Ryan Speers, a Partner with the team, provided attendees an introduction to security assessments on IEEE 802.15.4 and other related protocols like ZigBee. River Loop has done numerous such engagements and maintains KillerBee, the most widely used open-source tool for conducting penetration tests and research on these protocols. Attendees at the symposium included utility operators, industry or academic researchers, and government regulators.

Working With Ghidra's P-Code To Identify Vulnerable Function Calls

By Alexei Bulazel

May 11, 2019

This year at INFILTRATE 2019, I got together with fellow RPISEC alumnus and Boston Cybernetics Institute co-founder Jeremy Blackthorne to present “Three Heads Are Better Than One: Mastering NSA’s Ghidra Reverse Engineering Tool”. Around 50 minutes into that presentation, I presented a demo of a proof of concept script I built to trace out how inputs to malloc are derived. In this blog post, we’ll take a deeper look at that script.

Helping Embedded Developers Code More Securely: banned.h and strsafe

By Ryan Speers

April 30, 2019

Windows developers may be familiar with “banned.h” or “strsafe” libraries. Introducing safe libraries to development is nothing new, as was covered in the 2007 presentation on SDL for Windows Vista (slide 7). While basic, these libraries have been shown to provide significant value: as discussed later in the deck, 41% of bugs that Microsoft removed in Vista early on were due to removal of ‘banned’ API function calls.

A Tale of Two Supply Chains

December 3, 2018

This is the first of a multi-part series where we will share some of our methodology for supply chain verification in situations where there is very limited information. This content was previously shared by Sophia d’Antoine at Square’s r00ted1 Conference on November 14th, 2018 in NYC. We have previously shared our thoughts on the importance of supply chain validation with regard to hardware attacks, but this blog series will delve deeper into the specifics related to the case alleged in Bloomberg Businessweek’s “The Big Hack” article.

Reactions to FDA Draft Cybersecurity Guidance

November 7, 2018

It’s not often that one can get excited reading draft regulatory guidance. However, our team was pleasantly surprised by the quality and quantity of specific and actionable cybersecurity recommendations in the US Food and Drug Administration (FDA) draft Content of Premarket Submissions for Management of Cybersecurity in Medical Devices, published October 18, 2018.

Hardware Hacks: The Importance of Supply Chain Validation

October 9, 2018

In the past few months, media reporting on alleged Chinese backdoors via one or more types of hardware implants which compromised American products and companies has raised the public’s awareness of the risk of security compromise via hardware. For those of us who deal with hardware security daily, such allegations are not a big surprise. Our team has worked on designing, securing, and hacking hardware used in places ranging from startups to security-critical government applications, and one item that is in almost every assessment that we do is a circuit board tear-down and detailed parts identification.

GoodFET: Step-by-step install/setup on Kali

By Ryan Speers

September 24, 2018

In the hardware hacking community, one of the tried-and-true “go to” tools for serial communication, dumping SPI flash chips, and interacting with basic JTAG interfaces is the GoodFET, developed by our neighbor Travis Goodspeed. Some of the GoodFET instructions are a bit outdated and fragmented, and we recently were asked for help installing this on a modern Debian-based system, namely the Kali Linux security distribution. We have written up those procedures here in the hope that they are useful to people working with the GoodFET hardware.

Challenges and Trends in Device Security

August 20, 2018

While we are always excited to both learn and share the latest technical developments in cybersecurity (the recent Black Hat and DEF CON conferences were no exception), we also enjoy stepping back once in a while to look at macro trends in the embedded security industry. While security is a top priority in many enterprise and industrial settings, here are three key concepts that we think are important for us all to keep in mind:
