We provide services that empower our customers to make informed decisions about security strategy. Being able to defend systems effectively requires having hard data on offensive capabilities. This type of actionable knowledge is often hard to acquire, especially in the mobile and embedded space. Our mission is to provide our customers with such data.
To this end, we specialize in reverse-engineering, vulnerability discovery, and custom tool development services.
We enjoy researching new attack vectors and techniques to push the envelope on offense and show what truly determined attackers are capable of.
Services
Our clients come from a wide range of business areas, but they often share a common problem: lacking visibility into the security impact of software and hardware components that they develop or integrate into their products. This is typically compounded by the difficulty of approaching the security assessment of such (often black box) components without established testing methodologies, like debuggers, emulation environments, static or dynamic security testing tools.
The security analysis, custom tool development, and training services that we offer help our clients overcome these challenges and improve their security measures.
To this end, we specialize in low level security with a focus on mobile and embedded systems, from Mobile OS kernels to the various software and hardware elements of complex systems such as System-on-Chip and Controller Area Network designs, including bootloaders, Trusted Execution Environments (TEE), basebands, and other Real Time Operating System (RTOS) components.
Security Assessments
Vulnerability Discovery
Binary and source code
Reverse engineering
Specialized in mobile and embedded systems
Cryptographic Assessments
Protocols and implementations
Custom Tool Development
Custom debuggers, static and dynamic analysis tools
Trainings
Publications
Comsecuris researchers are active participants in the security community. This includes publishing whitepapers and presentations at both academic, community, and industry events. Following is a list of selected original research from our team members, before and since joining Comsecuris.
EU VAT ID / USt-Id-Nr: DE291357352 Registered office: Dießemer Bruch 170, 47805 Krefeld, Germany Commercial register: Amtsgericht Krefeld, HRB 18481 Director: Dr. Ralf-Philipp Weinmann
Papers
Following is a list of whitepapers that Comsecuris researchers contributed to over the years
Modeling and Discovering Vulnerabilities with Code Property Graphs
Fabian Yamaguchi, Nico Golde, Daniel Arp, Konrad Rieck
IEEE Symposium on Security and Privacy (S&P 2014) [paper]
Let Me Answer That For You: Exploiting Broadcast Information in Cellular Networks Nico Golde, Kevin Redon, Jean-Pierre Seifert
USENIX Security Symposium (2013) [paper]
Trawling for Tor Hidden Services: Detection, Measurement, Deanonymization
Alex Biryukov, Ivan Pustogarov, Ralf-Philipp Weinmann
IEEE Symposium on Security and Privacy (S&P 2013) [paper]
New Privacy Issues in Mobile Telephony: Fix and Verification
Myrto Arapinis, Loretta Mancini, Eike Ritter, Mark Ryan, Nico Golde, Kevin Redon, Ravishankar Borgaonkar
ACM Conference on Computer and Communications Security (ACM CCS 2012) [paper]
Weaponizing Femtocells: The effect of Rogue Devices on Mobile Telecommunication Nico Golde, Kevin Redon, Ravishankar Borgaonkar
Annual Network & Distributed System Security Symposium (NDSS 2012) [paper]
Baseband Attacks: Remote Exploitation of Memory Corruptions in Cellular Protocol Stacks Ralf-Philipp Weinmann
6th USENIX Workshop on Offensive Technologies (WOOT 2012) [paper]
SMS of Death: From Analyzing to Attacking Mobile Phones on a Large Scale
Collin Mulliner, Nico Golde, and Jean-Pierre Seifert
USENIX Security Symposium (2011) [paper]
A Framework for Automated Architecture-Independent Gadget Search
Thomas Dullien, Tim Kornau, Ralf-Philipp Weinmann
4th USENIX Workshop on Offensive Technologies (WOOT 2010) [paper]
Attacks on the DECT Authentication Mechanisms
Stefan Lucks, Andreas Schuler, Erik Tews, Ralf-Philipp Weinmann, Matthias Wenzel
Topics in Cryptology - CT-RSA 2009 [paper]
Breaking 104 Bit WEP in Less Than 60 Seconds
Erik Tews, Ralf-Philipp Weinmann, Andrei Pyshkin
Information Security Applications: 8th International Workshop (WISA 2007) [paper]
Books
Books that Comsecuris contributed to
Charlie Miller, Dion Blazakis, Dino DaiZovi, Stefan Esser, Vincenzo Iozzo, Ralf-Philipp Weinmann [Amazon]
iOS is Apple’s mobile operating system for the iPhone and iPad. With the introduction of iOS5, many security issues have come to light. This book explains and discusses them all. The award-winning author team, experts in Mac and iOS security, examines the vulnerabilities and the internals of iOS to show how attacks can be mitigated. The book explains how the operating system works, its overall security architecture, and the security risks associated with it, as well as exploits, rootkits, and other payloads developed for it.
Covers iOS security architecture, vulnerability hunting, exploit writing, and how iOS jailbreaks work
Explores iOS enterprise and encryption, code signing and memory protection, sandboxing, iPhone fuzzing, exploitation, ROP payloads, and baseband attacks
Also examines kernel debugging and exploitation
Companion website includes source code and tools to facilitate your efforts
The iOS Hacker’s Handbook arms you with the tools needed to identify, understand, and foil iOS attacks.
Presentations
Following is a list of presentations that Comsecuris researchers have been involved in
Breaking Band - reverse engineering and exploiting the shannon baseband Nico Golde, Daniel Komaromy
Recon 2016 [slides]
Assessing and Exploiting Bignum Vulnerabilities Ralf-Philipp Weinmann
Black Hat USA 2015 [slides]
Concurrency: A problem and opportunity in the exploitation of memory corruptions Ralf-Philipp Weinmann
CanSecWest 2014 [slides]
Let Me Answer That for You - adventures in mobile paging Nico Golde
29th Chaos Communication Congress (29C3/2012) [slides]
Security issues with SUPL implementations Ralf-Philipp Weinmann
Black Hat USA 2012 [slides]
Femtocells: A Poisonous Needle in the Operator’s Hay Stack Nico Golde, Kevin Redon
Black Hat USA 2011 [slides]
SMS-o-Death: from analyzing to attacking mobile phones on a large scale Nico Golde, Collin Mulliner
27th Chaos Communication Congress (27C3/2010); CanSecWest 2011 [slides]
The Hidden Nemesis - Backdooring Embedded Controllers
27th Chaos Communication Congress (27C3/2010) Ralf-Philipp Weinmann [slides]
All Your Baseband Are Belong To Us Ralf-Philipp Weinmann
DeepSec 2010 [slides]
