This article covers some basic hardware reverse engineering techniques on PCB-level, which are applicable to any electronic embedded device to showcase how to analyze a previously unknown (to the researcher or public white-hat community) hardware device. SEC Consult operates a dedicated Hardware Security Lab as part of its SEC Consult Vulnerability...

In this blog post we will go into some of the technical details of the vulnerabilities we identified in the OSCI Library version 1.6.1. German readers can find a less-technical version of the article here. The OSCI-transport protocol is used for data exchange between public agencies. It is the obligatory communication protocol for public administrations...

You can find the English version of this post here containing further technical details. Die "OSCI-Transport" Java-Bibliothek ist eine Kernkomponente im deutschen e-Government. Schwachstellen in dieser Komponente erlauben es einem Angreifer, bestimmte zwischen Behörden ausgetauschte Informationen zu entschlüsseln oder zu manipulieren bzw. sogar Daten...

Update 2017-06-09: Huawei has released a Security Notice. They recommend "that users replace old Huawei routers with those of later products". SEC Consult has found a vulnerability in several WiMAX routers, distributed by WiMAX ISPs to subscribers. The vulnerability allows an attacker to change the password of the admin user. An attacker can gain access...

Violence, extremism and child abuse: A lot of criminal activities are captured in images and distributed via internet and social media. But how can companies protect their network if being abused for such a purpose? If operators do not want to be unwilling accomplices, they must meet necessary measures to prevent these crimes. SEC Technologies, SEC...

When it comes to computer forensics, or for that matter forensics in general, one of the main challenges is to ensure that evidence that is collected is not tampered with. To achieve this, computer forensic experts adhere to a strict protocol and use many specialized hardware and software tools. As we have shown time and time again, specialized...