R&D - Vulnerability Research
System vulnerability research is a complex task that calls for a real strategy. Do you have the source code? What external libraries or other dependencies are targeted? What would be the most effective fuzzing approach? What’s the most intelligent way to apply this with other techniques? What is the hardware attack surface? Which components and communication ports are in use?
So you need the right tools and the right know-how, but even that’s not enough. Nowadays, with code everywhere and updates frequent, vulnerability research is a slow process.
At Quarkslab, we see automation, scaling and tooling as the keys to vulnerability research today, in addition to specific skills. And we build on in-depth knowledge, acquired through extensive experience, to provide you with these keys.
- Express assessment
- CSPN first-level security certification
- Product security assessment
- Detection of software and hardware vulnerabilities
- Identification of bugs in firmware, boot loaders, parsers, browsers, etc.
- Identification of hardware architecture weaknesses
- Detailed monitoring strategy
- Code developed to trigger or utilize bugs
- Methodology to perform low-cost hardware attacks
Vulnerability intelligence involves understanding vulnerabilities in order to build appropriate defense layers.
Once the vulnerability has been identified, the real question is: “So what now? How do we tackle this?”
Mobile vulnerability monitoring enables us to map the components targeted, broken down by ROM, handset and operator. In-depth vulnerability analysis then tells us how real the threat is: understanding how a vulnerability works and how it is triggered is not enough to determine whether a given system is vulnerable. There is nothing obvious about that. We need to replay a one-day exploit or an attack in an appropriate context to check whether the defenses are effective. Hardware vulnerability intelligence and the reproduction of hardware attacks likewise require specific training and skills.
Study of known vulnerabilities provides many useful results:
- Detailed analysis of vulnerabilities, detection and remediation
- Effective exploits to test vulnerability
- Review of known attacks in different contexts, to gauge actual risk
- Hardware attacks, including side-channel and fault injection
- Exploit source code
- Analysis of real threats in a given context, concerning a targeted vulnerability
- Hardware tooling
SOFTWARE AND HARDWARE SECURITY
Security by design has nothing to do with chance: it’s a matter of skill and knowledge across multiple fields. Secure development is always context-related. Whatever the project, security has to factor in what the system does and what it’s used for. A web server authentication module won’t be developed the same way as a pacemaker.
Cryptography, another essential aspect of modern security, calls for different skills and knowledge from those used in classic security, from underlying mathematical theory to implementation. Random number generators and protocol modes hold critical importance and require special attention. A minor error can have major impact on the whole design.
Though secure design differs considerably from offensive security, both skills are essential in producing effective results:
- Review and design of cryptography associated with the software and hardware used
- Design and development of security libraries (secure protocols, for example)
- Support for secure hardware architectures design
- Robust code and hardware design
- Secure source code management
- Threat analysis
Understand software and hardware
Reverse engineering enables us to understand how software works without having access to the source code.
Software is everywhere today, running on every kind of machine. Most software packages have many dependencies that the buyer is not informed of. So what exactly does the software you’re using contain? What exactly does it do? Does it enhance security, or might it actually weaken system defense?
Making sense of a binary file without access to the source code requires specific tools and advanced know-how. It is a highly complex matter, and it is our everyday business at Quarkslab: software investigation, and the development of specialized tools that address today's reverse engineering challenges.
Reverse engineering principles also extend to hardware analysis (PCB, components, etc.): mapping the hardware architecture, uncovering the communication buses and protocols between elements, and assessing their security level.
Reverse engineering can be used for various purposes that are legal in France:
- Improve understanding of code such as malware or overlooked software
- Provide patches
- Test protections (DRM, gaming, payment, etc.)
- Reconstruct exact code from a binary file (e.g. in cases of suspected intellectual property theft)
- Examine interoperability, building third-party clients for protocol
- Use hardware methods to enable software analysis: firmware extraction (JTAG, flash desoldering, etc.), and observation, interception and tampering of electrical signals (I2C, SPI, etc.) between components (MCUs, memories, peripherals, biometric sensors, etc.)
- Rely on side-channel analysis and fault injection to infer what the CPU is processing and possibly extract cryptographic keys
- Reports explaining the code and/or hardware we’ve analyzed
- Extracts of code developed to reproduce or interact with the program analyzed