System vulnerability research is a complex task that calls for a real strategy. Do you have the source code? What external libraries or other dependencies are targeted? What would be the most effective fuzzing approach? What’s the most intelligent way to apply this with other techniques? What is the hardware attack surface? Which components and communication ports are in use?
So you need the right tools and the right know-how, but even that’s not enough. Nowadays, with code everywhere and frequent updates, vulnerability research is a slow process.
At Quarkslab, we see automation, scaling and tooling as the keys to vulnerability research today, in addition to specific skills. And we build on in-depth knowledge, acquired through extensive experience, to provide you with these keys.
Vulnerability intelligence involves understanding vulnerabilities in order to build appropriate defense layers.
Once the vulnerability has been identified, the real question is: “So what now? How do we tackle this?”
Mobile vulnerability monitoring enables us to map the components targeted, by ROM, mobile and operator. In-depth vulnerability analysis then tells us how real the threat is: understanding how a vulnerability works and how it is triggered is not enough to determine whether a given system is vulnerable. There is nothing obvious about that. We need to replay a one-day exploit or an attack, in an appropriate context, to check whether the defenses are effective or not. Hardware vulnerability intelligence and the reproduction of hardware attacks, for their part, require specific training and skills.
Study of known vulnerabilities provides many useful results:
Security by design has nothing to do with chance: it’s a matter of skill and knowledge across multiple fields. Secure development is always context-related. Whatever the project, security has to factor in what the system does and what it’s used for. A web server authentication module won’t be developed the same way as a pacemaker.
Cryptography, another essential aspect of modern security, calls for different skills and knowledge from those used in classic security, from underlying mathematical theory to implementation. Random number generators and protocol modes hold critical importance and require special attention. A minor error can have major impact on the whole design.
Though secure design differs considerably from offensive security, both skills are essential in producing effective results:
Reverse engineering enables us to understand how software works without having access to the source code.
Software is everywhere today, running on every kind of machine. Most software packages have many dependencies that the buyer is not informed of. So what exactly does the software you’re using contain? What exactly does it do? Does it enhance security, or might it actually weaken system defense?
Understanding a binary file without having access to the source code requires specific tools and advanced know-how. It is a highly complex matter. That is our everyday business at Quarkslab: software investigation, and the development of specialized tools addressing today’s reverse engineering challenges.
Reverse engineering principles also extend to hardware analysis (PCB, components, …) to map the hardware architecture, uncover the communication buses and protocols between elements, and assess their security level.
Reverse engineering can be used for various purposes that are legal in France: