Tom’s Hardware | Check out this article from Tom’s Hardware highlighting IOActive’s recent win for ‘Extracting antifuse secrets from RP2350 by FIB/PVC’ during the RP2350 Hacking Challenge hosted by Raspberry Pi.
“Data bits stored in the RP2350’s OTP memories, based on antifuses, were extracted using a well-known semiconductor failure analysis technique leveraging passive voltage contrast (PVC) with a focused ion beam (FIB).
IOActive’s five-strong team reckons their unique attack vector is potent enough to apply to other systems using antifuse memory for confidentiality. Organizations using antifuse memory this way should therefore “immediately reassess their security posture,” says IOActive, and at least use chaffing techniques to make it harder for attackers to recover any data.”
Forbes | IOActive researchers recently applied a new technique during the RP2350 Hacking Challenge hosted by Raspberry Pi. This Forbes article highlights our team’s research, which secured a win during the challenge for “Extracting antifuse secrets from RP2350 by FIB/PVC.”
… “The fully-invasive antifuse memory reading technique we demonstrated with the example RP2350 can very likely be utilized against other types of antifuse memories,” IOActive’s senior vice president of research and strategy, John Sheehy, told me, “which are frequently used to store small amounts of infrequently changing data and may include sensitive data requiring confidentiality such as shared or private cryptographic keys.”
Popular Science | Josep Pi Rodriguez, IOActive Principal Consultant, was recently featured in this piece from Popular Science for his discovery of a technique to ‘jailbreak’ digital license plates.
“… Cybersecurity researchers from IOActive have demonstrated how a similar type of sleight of hand can potentially be performed in the real-world by hacking a popular brand of new digital driver’s license plates. By using a “fault injection” hardware attack, the researchers have shown how a hacker could, hypothetically at least, essentially jailbreak a digital license display and replace the plate number with a custom message of the hacker’s choosing.”
WIRED | IOActive’s Josep Pi Rodriguez, Principal Security Consultant, was recently featured in a Wired article, ‘Hackers Can Jailbreak Digital License Plates to Make Others Pay Their Tolls and Tickets,’ where he discussed a technique that he discovered to “‘jailbreak’ digital license plates sold by Reviver, the leading vendor of those plates in the US with 65,000 plates already sold.”
“That susceptibility to jailbreaking, Rodriguez points out, could let drivers with the license plates evade any system that depends on license plate numbers for enforcement or surveillance, from tolls to speeding and parking tickets to automatic license plate readers that police use to track criminal suspects. “You can put whatever you want on the screen, which users are not supposed to be able to do,” says Rodriguez. “Imagine you are going through a speed camera or if you are a criminal and you don’t want to get caught.””
Corporate Vision | IOActive was recently named ‘Best Research-Led Security Services Provider 2024 – USA’ for the “ability to help its clients understand their vulnerabilities and risks.” Corporate Vision’s November issue expanded on the award with a business spotlight highlighting the recent win and what makes IOActive unique.
“At the heart of IOActive is a deep understanding of the ‘attacker’s perspective’, something that has served as the foundation for the in-depth research it has carried out and the services it today offers to industries around the world. The company’s steadfast dedication to research is grounded in the knowledge that it must remain one step ahead of looming threats so as to protect everything- from industries and devices to governments- with maximum efficiency.”
FORESIGHT | John Sheehy, IOActive Senior Vice President, Research & Strategy, was recently featured in an article, ‘Smart buildings are on the rise. So are cyberattacks,’ discussing how the increase in technology in smart buildings has increased the risk of cyberattacks.
“… “These complex cyber-physical systems expose the building and occupants to new risks and threats that in the past required physical access to realise negative consequences,” says John Sheehy of IOActive, a cybersecurity firm based in the United States.
… Hackers can render buildings unliveable by intentionally manipulating the temperature and altering humidity and air quality, says Sheehy. Emergency systems designed to protect buildings could also be rendered useless.”
CareerInfoSecurity | Gunter Ollmann, IOActive Chief Technology Officer, was featured in a piece from CareerInfoSecurity discussing a recent breach in online services from carmaker Kia that allowed attackers to unlock doors & start engines in Kia automobiles.
‘Cars have been a favorite target for security researchers as software and electronic control units dominate what once were purely analog machines. Smartphone apps capable of controlling core vehicle functionality “expose those traditional physical functions to the communication and security frailties of internet protocols and applications,” said Gunter Ollmann, IOActive chief technology officer.’
BankInfoSecurity | John Sheehy, IOActive Senior Vice President Research and Strategy, was recently featured in a piece from BankInfoSecurity discussing the White House administration’s decision to take steps “to ban Chinese connected vehicle hardware and software from reaching the U.S. market, warning Monday of escalating foreign threats to the information and communications technology supply chain.”
“The proposed regulation will significantly improve vehicle cybersecurity in the U.S. by mitigating supply chain threats from known adversaries like China, according to John Sheehy, senior vice president of research and strategy for the research security firm IOActive.”
WIRED | “Researchers warn that a bug in AMD’s chips would allow attackers to root into some of the most privileged portions of a computer—and that it has persisted in the company’s processors for decades.” Check out this piece from WIRED featuring research from IOActive Principal Security Consultants, Enrique Nissim and Krzysztof Okupski, on a vulnerability in AMD chips called Sinkclose.
Inflight Magazine | Our very own John Sheehy, IOActive Senior Vice President, Research & Strategy, recently shared his thoughts in this Inflight Magazine piece, ‘Not if, but when,’ discussing cybersecurity in aviation. “While there is a broader acceptance of the importance of cybersecurity in aviation and within aircraft themselves, there are still significant opportunities for improvement.”