
Vulnerability Research

Asset Security

System vulnerability research is a complex task that calls for a real strategy. Do you have the source code? What external libraries or other dependencies are targeted? What would be the most effective fuzzing approach? What’s the most intelligent way to apply this with other techniques? What is the hardware attack surface? Which components and communication ports are in use?

So you need the right tools and the right know-how, but even that’s not enough. Nowadays, with code everywhere and frequent updates, vulnerability research is a slow process.

Our work

At Quarkslab, we see automation, scaling and tooling as the keys to vulnerability research today, in addition to specific skills. And we build on in-depth knowledge, acquired through extensive experience, to provide you with these keys.

  • Express assessment
  • CSPN first-level security certification
  • Product security assessment
  • Detection of software and hardware vulnerabilities

Results

  • Identification of bugs in firmware, boot loaders, parsers, browsers, etc.
  • Identification of hardware architecture weaknesses
  • Detailed monitoring strategy
  • Code developed to trigger or utilize bugs
  • Methodology to perform low-cost hardware attacks

Vulnerability Intelligence

Prioritize Threats

Vulnerability intelligence involves understanding vulnerabilities in order to build appropriate defense layers.
Once the vulnerability has been identified, the real question is: “So what now? How do we tackle this?”
Mobile vulnerability monitoring enables us to map the components targeted, by ROM, mobile and operator. In-depth vulnerability analysis then informs us about the reality of the threat: it’s not enough to understand how a vulnerability works, and how it’s triggered, to determine whether a system is vulnerable. There’s nothing obvious about that. We need to replay a one-day exploit or an attack to check whether defenses are effective or not, in an appropriate context. Hardware vulnerability intelligence and attack reproducibility, for their part, require specific training and skills.

Our work

Study of known vulnerabilities provides many useful results:

  • Detailed analysis of vulnerabilities, detection and remediation
  • Effective exploits to test vulnerability
  • Review of known attacks in different contexts, to gauge actual risk
  • Hardware attacks, including side-channel and fault injection

Results

  • Exploit source code
  • Analysis of real threats in a given context, concerning a targeted vulnerability
  • Hardware tooling

Software and Hardware Security

Build Security

Security by design has nothing to do with chance: it’s a matter of skill and knowledge across multiple fields. Secure development is always context-related. Whatever the project, security has to factor in what the system does and what it’s used for. A web server authentication module won’t be developed the same way as a pacemaker.
Cryptography, another essential aspect of modern security, calls for different skills and knowledge from those used in classic security, from underlying mathematical theory to implementation. Random number generators and protocol modes hold critical importance and require special attention. A minor error can have major impact on the whole design.

Our work

Though secure design differs considerably from offensive security, both skills are essential in producing effective results:

  • Review and design of cryptography associated with the software and hardware used
  • Design and development of security libraries (secure protocols, for example)
  • Support for the design of secure hardware architectures

Results

  • Robust code and hardware design
  • Secure source code management
  • Threat analysis

Reverse Engineering

Understand Security

Reverse engineering enables us to understand how software works without having access to the source code.
Software is everywhere today, running on every kind of machine. Most software packages have many dependencies that the buyer is not informed of. So what exactly does the software you’re using contain? What exactly does it do? Does it enhance security, or might it actually weaken system defense?
To fathom out a binary file without having access to the source code we need specific tools and advanced know-how. It’s a highly complex matter. That’s our everyday business at Quarkslab: software investigation, and development of specialized tools addressing today’s reverse engineering challenges.

Reverse engineering principles also extend to hardware analysis (PCB, components, …) to map hardware architecture, uncover communication buses and protocols between elements and assess their security level.

Our work

Reverse engineering can be used for various purposes that are legal in France:

  • Improve understanding of code such as malware or overlooked software
  • Provide patches
  • Test protections (DRM, gaming, payment, etc.)
  • Reconstruct exact code from a binary file (e.g. intellectual property theft)
  • Examine interoperability, building third-party clients for a protocol
  • Use hardware methods to enable software analysis: firmware extraction (JTAG, Flash desoldering, …), observation, interception and tampering of electric signals (I2C, SPI, …) between components (MCUs, memories, peripherals, biometric sensors, …)
  • Rely on side-channel analysis and fault injection to estimate the CPU processing and possibly extract cryptographic keys

Results

  • Reports explaining the code and/or hardware we’ve analyzed
  • Extracts of code developed to reproduce or interact with the program analyzed
