Brightsight develops new ‘Brightsight Rotator’

published on June 20, 2016

At Brightsight, Research and Development (R&D) is an important part of our daily work. We have a small team working on R&D full time, however everyone within Brightsight is encouraged to work on R&D, next to their usual pursuits. Innovation serves two purposes, it keeps the work fun and interesting, because it gives our evaluators the opportunity to work out their own innovative and new ideas. And it creates efficiency. New, innovative tools are developed to allow (more) automation of the work we do.


During an evaluation, there is always something called ‘idle time development’. This is the time during which a tool is doing its work, without the need for the evaluator to intervene. During this time, the evaluator can work on other things, such as innovation, to optimize the use of his time, hence reducing overall costs. This ‘idle time development’ is increasing as we develop more and more tools that automate such processes. Encouraging our people to focus on innovation means we keep improving our current tools as well as creating new tools to continuously make processes more efficient.

The biggest challenge we face when developing new tools is that the tools need to provide flexibility. They’re used for a lot of different products from different companies, who each have different demands and protocols. Besides this flexibility, they also have to be easy and straight-forward to use for the evaluator. Fortunately we have a great team with dedicated colleagues who like this challenge and are dedicated to creating such tools.

An example of a new tool that has been developed recently is the ‘Brightsight Rotator’. The rotator is an addition to our EMFI and EM set-ups that allow further automation. All signals in a smart card generate an electromagnetic (EM) field. The Brightsight EM set-up is designed to listen to these EM fields and get information about the data that is being processed (such as a PIN for example). The closer the probe gets to the part of the brain of the smart card (the microprocessor), which handles the data, the more information about the data can be disclosed. The probes, however, are only sensitive to EM fields in a certain direction. Therefore all measurements need to be repeated with different orientations of the probe. Brightsight now upgraded its EM set-up to fully automate this process using the Brightsight Rotator. The position of the probes is very important for the results of the attack.

The above explains how EM fields can be used to detect what’s going on in the brains of a credit card. This process is reversible, which means that by generating EM fields it is possible to disturb the processing of the brains. This is exactly what the Brightsight EMFI set-up is designed to do. Instead of measuring the EM fields, probes are used to generate EM fields to temporarily disturb the brains of the credit card. This temporary disruption could be used to bypass security mechanisms. Again, changing the orientation of the probe will change the disruption. So changing the orientation of the probe could mean the difference between no effect and bypassing security mechanisms.

The rotator adds value because it saves time, and therefore reducing costs for the customer. Because the quality of the analysis increases, the schemes also benefit from this.

Brightsight is growing steadily these past years. We think we owe our growth partly to the fact that we improved our tools significantly. This has allowed us to increase the quality as well as the efficiency of our work.


Brightsight, official GSMA member

published on 2020.07.21


Brightsight congratulates BBPOS on achieving PCI SPoC approval

published on 2020.07.07


Successful evaluation by Brightsight leads to Arm receiving the first high-assurance Common Criteria security certification (EAL6+) for their Cortex-M33 and Cortex-M35P soft IP processors

published on 2020.05.12


SESIP, the newest member of the GlobalPlatform Cyber Security toolbox

published on 2020.03.24