Improve the security of your product’s design and implementation.
We add value to your business
Going the extra mile for providing the best Device Security expertise possible.
We leverage our extensive knowledge on device-level security (e.g. Secure Boot, TEEs) and advanced testing techniques (e.g. Fault Injection) for securing your product.
Moreover, our insightful training program and other innovative services can significantly contribute to your company’s knowledge development.
We have tested, broken and secured countless secure products, at a professional lab level. Across multiple industries and against all range of adversaries.
We have witnessed first-hand the progress of security in the last 10 years within a wide variety of devices used by different markets (e.g. Mobile, Payment, Automotive, Industrial, IoT).
Research is a core activity at Realize. We actively pursue areas of interest to us and our customers. You can read our research results on our blog on this website.
We would be happy to help you with the identification of new ways to attack or secure your product’s software and hardware.
We take in your product’s design or implementation as a whole, aiming to contribute to its security from its hardware foundations to its critical software layers.
We always analyze devices or components thereof with an eye for the system it operates in. We adapt our approach to the needs and threats applicable for your use case or business case.
Secure Code Review
We reviewed the code of a TA, executed within a TEE, which implemented a DRM solution.
We identified multiple vulnerabilities that can be exploited from the REE or other TAs, by attackers with and without physical access to the device.
Secure Architecture Review
We reviewed the security architecture of a modern SoC implementing the ARMv8 architecture.
We found multiple vulnerabilities and weaknesses in the SoC’s OTP controller, TZASC and TZPC. Also, we identified several potential fault injection vulnerabilities.
We used a (hardware) flash programmer to extract the software from the device and performed binary analysis.
We identified multiple exploitable vulnerabilities that can be exploited by attacker with and without physical access to the device.
TEE Operating System (OS)
We used our TEE expertise to support a manufacturer during the design and implementation of a TEE OS.
As our services were requested during the development phase, we were able to guide the manufacturer towards a stronger implementation before the product’s release.
Private TEE Training
Manufacturer and Security Lab
We gave our TEEPwn training in a private setting to the personnel of a manufacturer and a security lab.
During these trainings the attendees worked their way through many hands-on exercises, immediately applying the concepts received during lectures.
Secure Code Review
We reviewed the code of a ROM bootloader implemented by a System-on-Chip (SoC).
We identified multiple vulnerabilities in the recovery mode implemented by the ROM code, which could be exploited by an attacker with physical access.
While Raelize is a young company, it already has an impressive amount of knowledge and experience. I have worked with both Cristofaro and Niek, and recommend them for their high ethical and quality standards.
The crew at Raelize, Cristofaro Mune and Niek Timmers, bring technical excellence coupled with several years of experience in the cybersecurity field both from a hardware and a software perspective. I have followed their work over the past decade. They have managed to demonstrate on several occasions ‘making the theoretical, practical’. If you really want to learn about controlled attacks on secured environments, be it secure boot, or be it secure enclave, the folks at Raelize have got you covered!
We are extremely honored to have had Niek Timmers and Cristofaro Mune as trainers at our flagship events nullcon & hardwear.io since the last two years. Their research has always caught the attention of the technical audience and the industry definitely learns a lot of from their publications. We wish them both great success.
Side Channel Analysis (SCA) attacks generally speaking consisting of three phases: acquisition, …Read more
In our previous blog post, we’ve shown how we extracted the secret key from the ESP32’s …Read more
Feel free to contact us, we will be happy to listen and support.