You can often hear security engineers saying โdo not design your cryptosystems, especially if you donโt know anything about themโ. Nah, ignore it. What can really go wrong?
Imagine you have a radio-controlled โ๐โ๐จโ toy car.
Itโs very popular and has an open-source firmware with a large community around. Your car uses secure protocol to communicate with remote control and can drive on a long distance.
Is it protected from the hijackers now? Well, we doubt a lot ๐ค, as crypto bugs can sit in the code invisibly until itโs too late to notice them.
What can happen?
๐ Static IV in CBC fails to achieve probabilistic encryption
๐ AES-CBC Padding Oracle attack
๐ AES-CTR is broken using fixed nonce
๐ Encrypted messages integrity is not protected
๐ Side channels and replay attacks
๐ and thatโs still not all folks.
Read our new article ๐ Cryptographic failures in RF encryption allow stealing robotic devices ๐ and play interactive demo games to learn how your robotic devices can be stolen from you by someone with a radio antenna.
Top comments (0)