Hi, I am Sergei Skorobogatov!
I am a research engineer working in the areas of hardware security, attack and defence technologies.
I have background in electronics, chemistry, computer science (Ph.D. in 2005) and physics (M.Sc. in 1997).
My research interests include Hardware Security, Embedded memory security, Smartcards, Semiconductor Failure Analysis methods, Forensic Analysis.
I have a strong track record of establishing new directions in the hardware security field and finding 'impossible' solutions to hardware security problems:
2002 - discovered optical fault injection attacks, which shook the industry, with many semiconductor manufacturers still struggling with the implementation of reliable countermeasures;
2005 - discovered data remanence in EEPROM and Flash memory, which required tweaking of hardware designs in some Flash and EEPROM chips;
2006 - introduced combined attacks of fault injection with power analysis, which opened up a new area for academic research on attacks and countermeasures;
2010 - introduced bumping attacks on Flash memory that can extract data from devices without a readback function, which forced many developers to implement robust countermeasures;
2012 - implemented hardware acceleration of power analysis for finding backdoors, which forced implementation of more robust countermeasures;
2016 - demonstrated the 'impossible' NAND mirroring attack on the iPhone 5c, which proved the possibility of things officially declared impossible;
2017 - proved the practicality of direct SEM imaging of EEPROM and Flash memory, which paved the way for inexpensive memory extraction at scale;
2018 - demonstrated decapsulation of a battery-powered chip, which proved that decapsulation with acid is not as dangerous as it was thought to be;
2020 - found a backdoor in and successfully cloned the Infineon Secure Element SLE95250 Optiga Trust B chip.
Expertise
Some of my special skills and fields of knowledge include:
- Secure microcontrollers
- Tamper resistance, smartcard systems, analysis of secure systems
- Decapsulation and chemical (wet) etching
- Semi-invasive attacks
- Focused Ion Beam (FIB) workstation (FEI Vectra 200)
- Scanning Electron Microscopy (SEM) (Zeiss Leo 1530VP, EVO10; FEI Magellan 400L, Phenom ProX)
- Dual-beam FIB/SEM (FEI Helios NanoLab 650, Zeiss CrossBeam 540)
- Atomic Force Microscopy (AFM) (Veeco EnviroScope AFM)
- Laser cutting systems
- Probing stations and microprobing techniques
- Submicron mechanical positioning (stage1, stage2, stage3, stage4).
- Laser microscopy
- Advanced imaging techniques
- Assembler programming (8048, Z80, 8051, 6502, SAM47, 80x86, MC68HC05/HC08/HC11, PIC12, PIC16, PIC18, PIC24, 68000, AVR, MIPS, ARM, MSP430, H8/300, PowerPC, V850)
- C/C++ programming for PC (Windows) and embedded systems (PIC, ARM)
- Verilog HDL programming (Altera, Xilinx, Actel)
- Designing of hardware devices using CPLDs and FPGAs (Altera, Xilinx, Actel)
- Printed Circuit Boards (PCB) design
- IBM PC hardware design and programming
- Hardware design and programming for Sinclair ZX Spectrum, Nintendo (NES) game console, SEGA Megadrive game console
Research
I work in the Hardware Security field on attack technologies and tamper-resistant processors. My Hardware Security research is aimed at finding vulnerabilities, hidden functions and backdoors in silicon chips. Many new attack methods and techniques were developed by me in the past decade. Some of them were previously thought to be impossible.
I presented my latest research on security of the IronKey and other Secure USB Flash Drives at Hardware Security Conference and Training (Hardwear.IO Netherlands 2021), 28-29 October 2021. The title of my talk on 29th October was: Teardown and feasibility study of IronKey - the most secure USB Flash drive. The full paper is available here.
Here is the list of some of my recent research projects:
Past projects
I am a member of the following communities:
- Hardware-Oriented Security and Trust (HOST), Program Committee (2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2016, 2017, 2018, 2019)
- Cryptographic Hardware and Embedded Systems (CHES), Program Committee (2010, 2012, 2016, 2017, 2018, 2019, 2020)
- Fault Diagnosis and Tolerance in Cryptography (FDTC), Program Committee (2010, 2011, 2012, 2013, 2014, 2015, 2016, 2017, 2018, 2020, 2021)
- Smart Card Research and Advanced Application Conference (CARDIS), Program Committee (2011, 2012, 2013)
- Constructive Side-Channel Analysis and Secure Design (COSADE), Program Committee (2012)
- Digital System Design (DSD) Euromicro conference, Special Session Program Committee (2014, 2015, 2016, 2017, 2018, 2019, 2020, 2021)
- Design, Automation and Test in Europe (DATE), Program Committee (2017, 2018)
- CCS 2017, ASHES workshop on hardware security, Program Committee (2017, 2018, 2019, 2020, 2021)
- International Conference on Hardware Security and Trust (ICHST), Program Committee (2020, 2021)
- International Symposium for Testing and Failure Analysis (ISTFA), Program Committee (2019, 2020, 2021)
- European Research Council (ERC), Peer Reviewer (2010)
- Technology Foundation STW, Dutch Research Funding Council, Peer Reviewer (2013)
- Journal of Cryptology, Peer Reviewer (2018)
- Journal of Cryptographic Engineering (JCEN), Associate Editor and Peer Reviewer (2011, 2012, 2013, 2014, 2015, 2016, 2017, 2020)
- IEEE Transactions on Dependable and Secure Computing (TDSC), Peer Reviewer (2018)
- IEEE Transactions on Computers (TC), Peer Reviewer (2006, 2007, 2009, 2012, 2013, 2014)
- IEEE Transactions on Reliability (TR), Peer Reviewer (2014)
- IEEE Transactions on Computer-Aided Design of ICs and Systems (2014, 2018, 2019)
- IEEE Transactions on Very Large Scale Integration Systems (2018, 2019)
- Wiley Publisher, Reviewer (2010)
- AIP Publishing for Applied Physics Letters (2019)
- Journal of Information Security, Peer Reviewer (2011)
- Journal of Microelectronics Reliability, Peer Reviewer (2012, 2013)
- Journal of Information Science and Engineering, Peer Reviewer (2013)
- The Computer Journal (COMPJ), Peer Reviewer (2013)
- ACM Transactions on Reconfigurable Technology and Systems, Peer Reviewer (2008, 2013)
- ACM Transactions on Information and System Security, Peer Reviewer (2013)
- ACM Transactions on Interactive, Mobile, Wearable and Ubiquitous Technologies (IMWUT), Peer Reviewer (2018)
- Microprocessors and Microsystems (Elsevier), Peer Reviewer (2015, 2017, 2020)
Publications
Please do not copy any of my publications onto your own Internet server for public access without explicit permission. If you want to refer to any of my texts, please use a hyperlink to my original and not a copy. I update these texts frequently and I want to prevent the confusion that arises if people read somewhere else obsolete versions that are not under my control.
Posters
English texts
- Teardown and feasibility study of IronKey - the most secure USB Flash drive. Hardwear.IO Conference, Netherlands, 28-29 October 2021. (slides).
- Compromising device security via NVM controller vulnerability. IEEE International Conference on Physical Assurance and Inspection of Electronics (PAINE), Virtual, 15-16 December 2020. IEEE Xplore. (Slides)
- Practical Reverse Engineering of ECC-based authentication Device with Zero Knowledge. Hardwear.IO Netherlands, Virtual Conference, 1-2 October 2020
- Hints from Hardware Security for solving real-world challenges. Hardwear.IO Virtual Conference, 30 April - 1 May 2020
- Hardware Security Evaluation of MAX 10 FPGA: Feasibility Study of Intel® MAX 10 devices for compliance to MODH security level. arXiv:1910.05086, October 2019
- Hardware security evaluation of Intel MAX 10 FPGAs: from feasibility study to security boundaries. Hardware Security Conference and Training (Hardwear.IO 2019), Hague, Netherlands, September 2019
- Hardware Security: Present challenges and Future directions. TL@NTU Workshop on IC Hardware Analysis, 20th July 2018, Singapore
- Is Hardware Security prepared for unexpected discoveries? 25th International Symposium on the Physical and Failure Analysis of Integrated Circuits (IPFA-2018), 16-19 July 2018, Singapore. IEEE Xplore 2018. (Slides)
- Hardware Security implications of Reliability, Remanence and Recovery in Embedded memory. PAINE workshop at Design Automation Conference (DAC-2018), 24th June 2018, San Francisco, USA. Journal of Hardware and Systems Security, 2(4), Springer 2018, pp.314-321. (Slides)
- Combining Hardware Security, Failure Analysis and Forensic Analysis for the benefit of all. Invited talk at ISTFA 2017, Pasadena, USA, November 2017
- Challenging real-world targets: from iPhone to insulin pump. Keynote talk at Hardware Security Conference and Training (Hardwear.IO 2017), Hague, Netherlands, September 2017
- Deep dip teardown of tubeless insulin pump. arXiv:1709.06026, September 2017
- How microprobing can attack encrypted memory. In Proceedings of Euromicro Conference on Digital System Design, AHSA 2017 Special Session, Vienna, Austria. IEEE Computer Society, 2017. (Slides).
- Reverse engineering Flash EEPROM memories using Scanning Electron Microscopy. In Proceedings of the 15th Smart Card Research and Advanced Application Conference (CARDIS 2016), Cannes, France, November 2016
- Direct charge measurement in Floating Gate transistors of Flash EEPROM using Scanning Electron Microscopy. In Proceedings of the 42nd International Symposium for Testing and Failure Analysis (ISTFA), Fort Worth, USA, November 2016
- The bumpy road towards iPhone 5c NAND mirroring. arXiv:1609.04327, September 2016
- Be prepared: The EMV pre-play attack. IEEE Security & Privacy, 2015.
- Chip and Skim: cloning EMV cards with the pre-play attack. IEEE Symposium on Security and Privacy ("Oakland"), May 2014.
- Security, Reliability and Backdoors. Talk at the Security Group seminar 13 May 2014 (slides).
- Tamper resistance and hardware security. Guest lecture in the Part II Security course, 03 February 2014.
- I gave a lecture course on Hardware Security of semiconductor chips at Nanyang Technological University in Singapore for undergraduates and PhD students of the Temasek Laboratory department in May 2013.
- I gave an invited talk "Silicon scanning technology for hidden backdoors in semiconductor chips" at the National University of Singapore, Department of Engineering, on 20 May 2013.
- Tamper resistance and hardware security. Guest lecture in the Part II Security course, 04 February 2013.
- Chip and Skim: cloning EMV cards with the pre-play attack. Eprint arXiv:1209.2531, September 2012
- Breakthrough silicon scanning discovers backdoor in military chip. Cryptographic Hardware and Embedded Systems Workshop (CHES-2012), 9-12 September 2012, Leuven, Belgium, LNCS 7428, Springer, ISBN 978-3-642-33026-1, pp.23-40. (slides).
- In the blink of an eye: There goes your AES key. IACR Cryptology ePrint Archive, Report 2012/296, 2012.
- Integrated Circuit Investigation Method and Apparatus. Patent number WO2012/046029 A1
- Tamper resistance and hardware security. Guest lecture in the Part II Security course, 20 February 2012.
- Physical Attacks and Tamper Resistance. Chapter 7 in Introduction to Hardware Security and Trust, Eds: Mohammad Tehranipoor and Cliff Wang, Springer, September 2011, ISBN 978-1-4419-8079-3
- Hardware Security of Semiconductor Chips: Progress and Lessons. School of Computing Science, Newcastle University, 27 June 2011, Newcastle upon Tyne.
- Fault attacks on secure chips: from glitch to flash. ECRYPT2 School on Design and Security of Cryptographic Algorithms and Devices, 29 May-03 June 2011, Albena near Varna, Bulgaria.
- Side-channel attacks: new directions and horizons. ECRYPT2 School on Design and Security of Cryptographic Algorithms and Devices, 29 May-03 June 2011, Albena near Varna, Bulgaria.
- Physical Attacks on Tamper Resistance: Progress and Lessons. 2nd ARO Special Workshop on Hardware Assurance, 11-12 April 2011, Washington DC, USA.
- Synchronization method for SCA and fault attacks. Journal of Cryptographic Engineering (JCEN), Vol.1, No.1, Springer, 2011, pp.71-77.
- Bumping attacks: the affordable way of obtaining chip secrets. Talk at the Security Group seminar 7 December 2010 (slides).
- Tamper resistance and hardware security. Guest lecture in the Part II Security course, 5 November 2010.
- Optical Fault Masking Attacks. 7th Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC 2010), 21 August 2010, Santa Barbara, USA. IEEE-CS Press, ISBN 978-0-7695-4169-3, pp.23-29. (slides).
- Real world AES key extraction. Rump session at Cryptographic Hardware and Embedded Systems Workshop (CHES-2010), 19 August 2010, Santa Barbara, USA.
- Flash Memory 'Bumping' Attacks. Cryptographic Hardware and Embedded Systems Workshop (CHES-2010), 18-20 August 2010, LNCS 6225, Springer, ISBN 3-642-15030-6, pp.158-172. (slides).
- Fault and side-channel attacks on memory. PASTIS-2010 Workshop on PACA Security Trends in Embedded Systems, 16-17 June 2010, Gardanne, France (abstract and slides).
- Hardware security of silicon chips: progress, pitfalls and challenges for physical attacks. Lorentz Center Workshop on Provable Security against Physical Attacks, 15-19 February 2010, Leiden, Netherlands (abstract and slides).
- Tamper resistance and hardware security. Guest lecture in the Part II Security course, 20 November 2009.
- Optical surveillance on silicon chips: your crypto keys are visible. Talk at the Security Group seminar 13 October 2009 (slides).
- Using Optical Emission Analysis for Estimating Contribution to Power Analysis. 6th Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC 2009), 6 September 2009, Lausanne, Switzerland. IEEE-CS Press, ISBN 978-0-7695-3824-2, pp.111-119. (slides).
- Local Heating Attacks on Flash Memory Devices. 2nd IEEE International Workshop on Hardware-Oriented Security and Trust (HOST-2009), 27 July 2009, San Francisco, CA, USA. IEEE Xplore, ISBN 978-1-4244-4804-3. (slides).
- Hardware security: trends and pitfalls of the past decade. Talk at the Security Group seminar 20 January 2009 (slides).
- Tamper resistance and hardware security. Guest lecture in the Part II Security course, 24 November 2008.
- Semi-Invasive Extension to Physical Attacks. Securing Cyberspace: Applications and Foundations of Cryptography and Computer Security. Workshop IV: Special purpose hardware for cryptography: Attacks and Applications. 4-8 December 2006, Los Angeles (abstract and slides).
- Optically enhanced position-locked power analysis. Talk at the Security Group seminar 31 October 2006 (slides).
- Optically Enhanced Position-Locked Power Analysis. Cryptographic Hardware and Embedded Systems Workshop (CHES-2006), 11-13 October 2006, LNCS 4249, Springer, ISBN 3-540-46559-6, pp.61-75 (slides).
- Tamper resistance and physical attacks. Summer School on Cryptographic Hardware, Side-Channel and Fault Attacks (ECRYPT-2006), 12-15 June 2006, Louvain-la-Neuve (slides 1, slides 2, slides 3 and slides 4).
- Cryptographic Processors -- A Survey (Invited Paper). IEEE Proceedings, Special Issue on Cryptography and Security, February 2006, Vol.94, No.2, pp.357-369. Full version is available as Technical Report UCAM-CL-TR-641.
- Data Remanence in Flash Memory Devices. Cryptographic Hardware and Embedded Systems Workshop (CHES-2005), 30 August - 1 September 2005, LNCS 3659, Springer, ISBN 3-540-28474-5, pp.339-353 (slides).
- Semi-invasive attacks - A new approach to hardware security analysis. Technical Report UCAM-CL-TR-630, University of Cambridge, Computer Laboratory, April 2005.
- Data remanence in non-volatile semiconductor memories. Part I: Introduction and non-invasive approach. Talk at the Security Group seminar 26 October 2004 (slides).
- On a New Way to Read Data from Memory. First International IEEE Security in Storage Workshop, 11 December 2002, Greenbelt Marriott, Maryland, USA.
- Optical Fault Induction Attacks. Cryptographic Hardware and Embedded Systems Workshop (CHES-2002), 13-15 August 2002, LNCS 2523, Springer-Verlag, ISBN 3-540-00409-2, pp.2-12 (slides, Russian version).
- Low Temperature Data Remanence in Static RAM. Technical Report UCAM-CL-TR-536, University of Cambridge, Computer Laboratory, June 2002.
- Copy Protection in Modern Microcontrollers is an overview of copy protection reliability in modern microcontrollers, 2000.
Russian texts
- Ispolzovanie Sfokusirovannogo Lazernogo Izlucheniya Dlya Izmeneniya Sostoyaniya Elementov KMOP IS [Using focused laser radiation to change the state of CMOS IC elements] //Electronics, Micro- and Nanoelectronics. MEPhI, Moscow, 2004, pp.67-72.
- Ispolzovanie Sfokusirovannogo Lazernogo Izlucheniya Dlya Opredeleniya Sostoyaniya Yacheek Pamyati KMOP OZU [Using focused laser radiation to determine the state of CMOS RAM memory cells] //Electronics, Micro- and Nanoelectronics. MEPhI, Moscow, 2003, pp.37-42.
- Smart-Karty - vzgljad na bezopasnost pri svete fotovspyshki [Smart cards: a look at security by the light of a camera flash] //PLAS, Vol.6-7, 2002.
- Ataki metodom opticheskogo navedeniya oshibok [Attacks by the method of optical fault induction]. Approved translation of the Optical Fault Induction Attacks paper. Cryptographic Hardware and Embedded Systems Workshop (CHES-2002), LNCS 2523, Springer-Verlag, ISBN 3-540-00409-2, pp.2-12.
- Vliyanie temperatury na vremya sohraneniya informacii v staticheskih OZU [The influence of temperature on data retention time in static RAM] //Electronics, Micro- and Nanoelectronics. MEPhI, Moscow, 2001, pp.86-88.
- Zaschita Sovremennyh Mikrokontrollerov ot Kopirovaniya [Protection of modern microcontrollers against copying] //Automatics, Electronics, Microelectronics, Measurement Systems. MEPhI, Moscow, 2001, pp.84-85.
- Ispolzovanie Programmiruemyh Logicheskih Integralnyh Shem v Oftalmologicheskih Ustrojstvah [Use of programmable logic integrated circuits in ophthalmological devices] //Electronics, Micro- and Nanoelectronics. MEPhI, Moscow, 1999, pp.99-103.
Press releases September-October 2016
- Researcher Bypasses iOS Passcode Limit With NAND Mirroring. On the Wire, Device Security, Hacking, 15 September 2016.
- Researcher Shows Simple iPhone Hack FBI Said Couldn't Be Done. Fortune, 15 September 2016.
- Researcher Proves Viability of NAND Mirroring to Bypass iPhone Passcode Restrictions. Black Point, 15 September 2016.
- Researcher Does What FBI Couldn't, Bypasses iOS Passcode Limit. Softpedia, Security, 15 September 2016.
- How the FBI Could Have Hacked the San Bernardino Shooter's iPhone. Wired, Security, 15 September 2016.
- The FBI could have saved money with this iPhone 5c hack. PCWorld, Security, 15 September 2016.
- Researcher Proves Viability of NAND Mirroring to Bypass iPhone Passcode Restrictions. Threat Post, 16 September 2016.
- FBI used to be wrong: Researcher Claims iPhone 5c can be Hacked by means of NAND Mirroring. Tech Musiq Cafe, 16 September 2016.
- The FBI could have saved money with this iPhone 5c hack. CSO from IDG, 16 September 2016.
- FBI Was Wrong: Researcher Claims iPhone 5c Can Be Hacked by NAND Mirroring. Gadgets 360, 16 September 2016.
- Instead of spending $1.3 million, FBI could have Hacked iPhone in just $100. The Hacker News, 16 September 2016.
- You can hack iPhone 5c for less than $100 with NAND bypass. Tech Worm, 16 September 2016.
- Researcher Develops Method to Bypass iOS Passcode Limit on iPhone. Trip Wire, Security News, 16 September 2016.
- The FBI missed a trick to hack the San Bernardino iPhone. Engadget, 16 September 2016.
- NAND mirroring Unlock San Bernardino shooter iPhone with just $100. Security Affairs, 17 September 2016.
- The iPhone's passcode security can be beaten for just $100. Beta News, 17 September 2016.
- Researcher Bypasses iPhone Passcode Using the Technique the FBI Said Doesn't Work. Bleeping Computer, 17 September 2016.
- Now You Can Hack iPhone For Less Than $100 With NAND Bypass. Tech Ugly, 17 September 2016.
- Did You Know You Can Hack Into The iPhone For As Less As $100? India Times, 17 September 2016.
- Turns out iPhone 5c can be hacked with a $100 hardware. Hack Read, 17 September 2016.
- The FBI could have saved millions with this iPhone 5c hack. Digital Munition, 18 September 2016.
- FBI overpaid $999,900 to crack San Bernardino iPhone 5c password: Hacker brews fast NAND mirroring prototype for $100. The Register, 19 September 2016.
- Hardware hack defeats iPhone passcode security. BBC News, Technology, 19 September 2016.
- Professor proves NAND mirroring attack thwarts iPhone 5c security protocols. Apple Insider, 19 September 2016.
- Researcher posts paper detailing US$100 iPhone 5C NAND mirroring device. SC Magazine UK, 19 September 2016.
- Cambridge Computer Scientist Uses Hardware Hack to Bypass iPhone Passcode. iPhone Hacks, 19 September 2016.
- iPhone passwords can be broken with this cheap hardware hack. Tech Radar, 19 September 2016.
- Bypass an iPhone 5c's passcode lock for $100. Graham Cluley, 19 September 2016.
- Apple iPhone 5C Password Lock 'Defeated' With £75 Hardware Hack. Tech Week Europe, 19 September 2016.
- Security researcher proves FBI wrong - hacks an iPhone 5c. Thats Nonsense, 19 September 2016.
- Cambridge researcher shows FBI how to hack an iPhone for $100. PC Mag UK, 19 September 2016.
- Cambridge Computer Scientist Defeats iPhone Passcode Security. Independent, 19 September 2016.
- Academic beats FBI by unlocking Apple iPhone for £75. Sky News, 20 September 2016.
- Computer scientist shows how to crack Apple iPhone 5c passcode for less than $100. Tech Xplore, 20 September 2016.
- Professor Hacks iPhone NAND Chip of iPhone 5C to Gain Access. Hipster Pixel, 20 September 2016.
- iPhone passcode bypassed with NAND mirroring attack. Ars Technica, 20 September 2016.
- What a bargain! Computer scientist hacks iPhone for £75 after the FBI paid a firm almost £1 MILLION to do the same thing. Daily Mail, 20 September 2016.
- Watch a Cambridge scientist crack the iPhone encryption that stumped the FBI. Cambridge News, 20 September 2016.
- $100 store-bought kit can help anyone hack into iPhone passcodes. The Guardian, 20 September 2016.
- NAND mirroring iPhone hack would have made the FBI's job much easier. Search Security, 20 September 2016.
- iPhone passcodes can be bypassed using cheap hardware hack and persistence. The Inquirer, Security, 20 September 2016.
- You can hack almost any iPhone with just $100 worth of electronics. Digital Trends, Mobile, 21 September 2016.
- You can hack almost any iPhone with just $100 worth of electronics. Yahoo, Tech, 21 September 2016.
- $104 High Street Instrument Can Open An Apple iPhone In 40 Hours. 24 News, Technology, 21 September 2016.
- The FBI spent $1.3M to crack the iPhone - this hacker spent just $100. Vice News, Technology, 21 September 2016.
- Researcher hacked iPhone 5c ten thousand times cheaper than the FBI hackers. Technical Center of Internet, Techno News, 21 September 2016.
- £80 high street tool can unlock an iPhone in 40 hours. The Telegraph, Technology, 21 September 2016.
- That's the way to do it. A Cambridge don shows the FBI how to save money on phone hacking. The Economist, Data Security, 22 September 2016.
- The FBI spent $1.3M to crack the iPhone - this hacker spent just $100. The Usual Routine, 28 September 2016.
- How one researcher cracked the iPhone 5c. EDN Network, 11 October 2016.
Press releases September 2012
Press releases May 2012
Press releases May 2002