PRESS RELEASE | April 20, 2017

IOActive Discovers Security Vulnerabilities in Select Linksys Router Models

Security researchers uncover 10 separate issues making thousands of popular Wi-Fi routers susceptible to attack

Seattle, Wash. – April 20, 2017 – IOActive, Inc., the worldwide leader in research-driven security services, today released information on a number of cybersecurity vulnerabilities found in more than 20 models of Linksys Smart Wi-Fi Routers. The vulnerabilities identified, if exploited, could allow attackers to overload a router and force a reboot, deny user access, leak sensitive information about the router and connected devices, and change restricted settings. IOActive and Linksys have worked together since the findings were disclosed and a security advisory has been issued by Linksys, including a workaround for customers until final firmware updates are posted in the coming weeks.

The research was authored by IOActive senior security consultant, Tao Sauvage, and independent security researcher Antide Petit.

Sauvage and Petit’s research, conducted during Q4 of 2016, included reverse engineering of the firmware, definition of the attack surface, and code review and penetration testing of the exposed functions. They uncovered 10 vulnerabilities, ranging from low to high risk, present in over 20 router models in production and widely distributed today. An initial search identified over 7,000 vulnerable devices exposed on the Internet at the time of the scan.

“A number of the security flaws we found are associated with authentication, data sanitization, privilege escalation and information disclosure,” said Sauvage. “Additionally, 11 percent of the active devices exposed were using default credentials, making them particularly susceptible to an attacker easily authenticating and potentially turning the routers into bots, similar to what happened in last year’s Mirai Denial of Service (DoS) attacks.”

IOActive informed Linksys of the vulnerabilities in January 2017, and the two companies have been working closely and cooperatively through responsible disclosure to validate and address the issues found. The Linksys security team has been extremely receptive and responsive in working through the findings, addressing the issues uncovered and taking the necessary steps to protect its consumers.

“Working together with IOActive, we’ve been able to efficiently put a plan together to address the issues identified and proactively communicate recommendations for keeping customer devices and data secure,” said Benjamin Samuels, Application Security Engineer at Belkin (Linksys Division). “Security is a high priority and by taking a few simple steps, customers can ensure their devices are more secure while we address the findings. IOActive has been a great partner throughout what’s been a textbook example of researcher and vendor working cooperatively together through responsible disclosure for the good of the customer.”

About IOActive

IOActive is the industry’s only research-driven, high-end information security services firm with a proven history of better securing our customers through real-world scenarios created by our security experts. Our world-renowned consulting and research teams deliver a portfolio of specialist security services ranging from penetration testing and application code assessment to chip reverse engineering across multiple industries. IOActive is the only security services firm that has a dedicated practice focusing on Smart Cities and the transportation and technology that connects them. Global 500 companies across every industry continue to trust IOActive with their most critical and sensitive security issues. Founded in 1998, IOActive is headquartered in Seattle, US, with global operations through the Americas, EMEA, and Asia Pac regions. Visit www.ioactive.com for more information. Follow IOActive on Twitter: http://twitter.com/ioactive.

Follow IOActive:
IOActive on Github
IOActive on Twitter
IOActive on Crunchbase
IOActive on Bloomberg

PRESS RELEASE | March 8, 2017

IOActive Discovers Multiple Security Vulnerabilities in Confide Messaging Application

Seattle, Wash. – March 8, 2017 – IOActive, Inc., the worldwide leader in research-driven security services, today released a new security advisory highlighting numerous security vulnerabilities discovered in a messaging application from Confide, Inc. IOActive security researchers Mike Davis, Ryan O’Horo, and Nick Achatz tested Confide version 1.4.2 for Windows and OS X and version 4.0.4 for Android by reverse engineering the published application, observing its behavior, and interacting with the public API.

Confide is marketed as a confidential messaging application that uses “military grade end-to-end encryption” to protect confidential communications on mobile devices. The issues identified at the time of testing the Confide messenger application fell into four major areas:

  • HTTPS: The application’s notification system did not require a valid SSL server certificate to communicate, which means session information could be leaked to actors performing a man-in-the-middle attack.
  • Messaging: Unencrypted messages could be transmitted, and the user interface gave no indication when unencrypted messages were received. The application uploaded file attachments before the user sent the intended message. The application failed to use authenticated encryption, giving Confide the ability to alter messages in transit.
  • Account Management: The application allowed an attacker to enumerate all Confide user accounts, including real names, email addresses, and phone numbers. The application failed to adequately prevent brute-force attacks on user account passwords. Users were permitted to choose short, easy-to-guess passwords.
  • Website: The application’s website was vulnerable to an arbitrary URL redirection, which could facilitate social engineering attacks against its users. The application’s website reflected incorrectly entered passwords back to the browser.

The results of testing indicated that a malicious attacker could exploit vulnerabilities that were present to potentially perform one or more of the following actions:

  • Impersonate another user by hijacking their account session
  • Impersonate another user by guessing their password
  • Learn the contact details of all or specific Confide users
  • Become an intermediary in a conversation and decrypt messages
  • Alter the contents of a message or attachment in transit without first decrypting it

In accordance with IOActive’s responsible disclosure practices, IOActive informed Confide of the issues discovered during its research once they were properly validated, and then worked collaboratively with Confide on a remediation and disclosure timeline. Confide immediately responded to IOActive’s initial vulnerability disclosure and was responsive throughout the process.

“This is a great example of how responsible disclosure between researchers and vendors can work when both sides are engaged in making security a focus,” said Jennifer Steffens, CEO of IOActive. “When our researchers connected with Confide to disclose the vulnerabilities they were receptive to our research, quick to move on addressing critical issues found, and worked with us to share the information. From 18 years of experience in security research, we know just how rare this interaction is, yet collaborative information exchange and responsiveness are the baseline for successful responsible disclosures. We wish more firms were as responsive and committed to quick resolution of identified issues.”

The full advisory report on the research can be accessed on the IOActive website here: https://www.ioactive.com/pdfs/IOActive-Security-Advisory-Confide-Messaging-Ap.pdf

#####

PRESS RELEASE | March 1, 2017

IOActive Finds Rampant Security Vulnerabilities in Home, Business and Industrial Robots

Seattle, Wash. – March 1, 2017 – IOActive, Inc., the worldwide leader in research-driven security services, today released a new paper exposing numerous vulnerabilities found in multiple home, business, and industrial robots available on the market today. The array of vulnerabilities identified in the systems evaluated included many graded as high or critical risk, leaving the robots highly susceptible to cyberattack. Attackers could employ the issues found to maliciously spy via the robot’s microphone and camera, leak personal or business data, and in extreme cases, cause serious physical harm or damage to people and property in the vicinity of a hacked robot.

“There’s no doubt that robots and the application of Artificial Intelligence have become the new norm and the way of the future,” said Cesar Cerrudo, CTO of IOActive. “Robots will soon be everywhere – from toys to personal assistants to manufacturing workers – the list is endless. Given this proliferation, focusing on cybersecurity is vital in ensuring these robots are safe and don’t present serious cyber or physical threats to the people and organizations they’re intended to serve.”

During the past six months, IOActive’s researchers tested mobile applications, robot operating systems, firmware images, and other software in order to identify the flaws in several robots from vendors, including: SoftBank Robotics, UBTECH Robotics, ROBOTIS, Universal Robots, Rethink Robotics, and Asratec Corp.

“In this research, we focused on home, business, and industrial robots, in addition to robot control software used by several robot vendors,” said Apa. “Given the huge attack surface, we found nearly 50 cybersecurity vulnerabilities in our initial research alone, ranging from insecure communications and authentication issues, to weak cryptography, memory corruption, and privacy problems, just to name a few.”

According to Cerrudo and Apa, once a vulnerability has been exploited, a hacker could potentially gain control of the robot for cyber espionage, turn a robot into an insider threat, use a robot to expose private information, or cause a robot to perform unwanted actions when interacting with people, business operations, or other robots. In the most extreme cases, robots could be used to cause serious physical damage and harm to people and property.

The report also outlines basic security precautions that should be taken by robotic vendors to improve the security of robots, including implementing Secure Software Development Life Cycle (SSDLC), encryption, security audits, and more.

“We have already begun to see incidents involving malfunctioning robots doing serious damage to their surroundings, from simple property damage to loss of human life, and the situation will only worsen as the industry evolves and robot adoption continues to grow,” continued Cerrudo. “Vendors need to start focusing more on security when speeding the latest innovative robot technologies to market or the issue of malfunctioning robots will certainly be exacerbated when malicious actors begin exploiting common security vulnerabilities to add intent to malfunction.”

All vendors included in the paper were alerted of the various specific vulnerabilities identified within their products many weeks ago in the course of responsible disclosure. Specific technical details of the vulnerabilities identified will be released at the conclusion of the disclosure process when vendors have had adequate time to address the findings.

#####

PRESS RELEASE | December 20, 2016

IOActive Discovers In-Flight Entertainment System Vulnerabilities

Seattle, WA – December 20, 2016 – IOActive, Inc., the worldwide leader in research-driven security services, today released research detailing several cybersecurity vulnerabilities found in Panasonic Avionics In-Flight Entertainment (IFE) systems used by a number of major airlines including United, Virgin, American Airlines, Emirates, AirFrance, Singapore, and Qatar, among others. (more…)

PRESS RELEASE | July 28, 2016

IOActive Launches New Advisory Services Consulting Practice with Unique Offensive Security Approach to Risk Assessment

Seattle, WA – July 28, 2016 – IOActive, Inc., the worldwide leader in research-driven security services, today announced the launch of its Advisory Services practice, offering strategic security consulting that leverages IOActive’s testing and research expertise to help customers better align their security programs with business objectives. (more…)

PRESS RELEASE | July 18, 2016

Securing Smart Cities’ First Year: The Supporting Community Grows Three-Fold

Seattle, WA — July 18, 2016 – Just a year has passed since Securing Smart Cities – a not-for-profit global initiative that aims to raise awareness and solve the existing and future cybersecurity problems of smart cities – was launched. Since that time the initiative’s supporting community has increased three-fold — from ten cybersecurity experts from all over the world, to more than 30. (more…)

PRESS RELEASE | June 2, 2016

Less Than 10% of Internet of Things (IoT) Products Have Adequate Security (Survey)

Seattle, WA — June 2, 2016 – IOActive, Inc., the worldwide leader in research-driven security services, today released the findings of the IOActive Internet of Things (IoT) Security Survey, completed by senior security professionals earlier this year.

While the IoT era of products brings innumerable advances and modern conveniences to the lives of consumers, the connected nature of these products creates unintentional ports to other sensitive and critical systems, data, and devices. When security is insufficient in even seemingly harmless household appliances, wearables, or other IoT products, it presents endemic vulnerabilities and risks.

The IOActive IoT Security Survey, conducted in March 2016, revealed that nearly half (47%) of all respondents felt that less than 10% of all IoT products on the market are designed with adequate security. A staggering 85% believe that less than half of IoT products are secure. However, 63% of respondents felt the security in IoT products is actually better than in other product categories – a sobering revelation of the state of security sentiment for categories such as software, computing hardware, and medical devices.

“Consensus is that more needs to be done to improve the security of all products, but the exponential rate at which IoT products are coming to market, compounded by the expansive risk network created by their often open connectivity, makes IoT security a particular concern and priority,” said Jennifer Steffens, chief executive officer for IOActive. “According to Gartner, 21 billion connected things will be in use by 2020. It’s important for the companies that develop these products to ensure security is built in; otherwise hackers are provided with opportunities to break into not only the products, but potentially other systems and devices they’re connected to.”

“Companies often rush development to get products to market in order to gain competitive edge, and then try to engineer security in after the fact. This ultimately drives up costs and creates more risk than including security at the start of the development lifecycle,” Steffens concluded.

The survey showed that 72% of respondents believe security not adequately designed into products is the single biggest challenge facing IoT security. A majority of the security professionals surveyed also felt that uneducated users and user error (63%) and data privacy (59%) were challenges to IoT security.

As remedies to these challenges, respondents looked to minimum security standards and enforcing mandatory product recalls, updates, or injunctions as the two most effective means for improving IoT product security. Additionally, 83% believe that public disclosure of vulnerabilities on its own is not enough, and that some form of regulatory action would be more effective.

IOActive performs a wide range of security research and provides services to organizations interested in building security into products, including a rapidly increasing percentage in the burgeoning IoT category.

###

PRESS RELEASE | May 18, 2016

IOActive’s Alexander Bolshev and Ivan Yushkevich to present at CONFidence 2016

PRESENTATION: When the medicine is more dangerous than the disease: mobile antivirus security assessment
PRESENTER(S): Alexander Bolshev, Security Consultant for IOActive, and Ivan Yushkevich, Digital Security
CONFERENCE: CONFidence 2016
LOCATION: Forum Hotel, Krakow, Poland
DATE & TIME: May 19, 2016 at 16:40

(more…)

PRESS RELEASE | March 16, 2016

Increasing Global Focus on Security in Age of IoT Drives Record Growth for IOActive in 2015

Seattle, WA — March 16, 2016 – IOActive, Inc., the worldwide leader in research-driven security services, today announced its strongest business results in the company’s 18-year history, for the fiscal year ending December 31, 2015. The growth of IOActive’s security services business was predicated on ground-breaking research published by the company across multiple technology and vertical market segments. (more…)

PRESS RELEASE | May 26, 2015

Securing Smart Cities: Leading Security Experts Join Forces to Make Modern Cities Safer

Seattle, WA – May 26, 2015 – Securing Smart Cities, a new not-for-profit global initiative, is being launched today. Backed by leading IT security researchers, companies and organizations, including IOActive, Kaspersky Lab, Bastille, and the Cloud Security Alliance, the Securing Smart Cities initiative aims to solve the cybersecurity challenges smart cities face through collaboration and information sharing. The group will serve as a communications node for companies, governments, media outlets, not-for-profit initiatives, and individuals across the world involved in the creation, improvement, and promotion of smart and safe technologies for modern cities.

The concept of a smart city is very topical, and many organizations are working on intelligent solutions to make urban areas energy efficient, comfortable, environmentally friendly, and physically safe. Unfortunately, far fewer are considering the cybersecurity of these smart cities. The more IT organizations involved in creating a smart city, the greater the potential risk. If security is not addressed early on, the cost and complexity of a smart city could make it difficult to address problems. In the end, the city would be left vulnerable.

The Securing Smart Cities initiative seeks to prevent this outcome using a range of activities, such as:

  • Educating smart city planners and providers on the importance and cost benefits of security best practices
  • Collaborating with partners to share ideas and methodologies
  • Endorsing the significance and benefits of introducing security early into the development lifecycle of a project or plan
  • Fostering partnerships between cities, providers, and the security community
  • Creating standards, guidelines, and resources to help improve cybersecurity across all areas related to smart cities

Participants in Securing Smart Cities believe that the initiative will help efficiently and responsibly share knowledge about the cybersecurity of modern cities. It will connect vendors of infrastructure automation equipment with security researchers ready to validate the secure functioning of these products. It will also bring city authorities together with the security community to collaboratively solve new cybersecurity problems.

“The cybersecurity of a modern, smart city is not something you can solve on your own. The concept involves so many different technologies communicating with each other in so many ways, that the only way to predict and eliminate all possible security issues is through collaboration between experts around the world. This is what Securing Smart Cities is for,” said Cesar Cerrudo, CTO for IOActive and Board Member of Securing Smart Cities.

“Smart cities present a tremendous opportunity for growth, sustainability, and social improvement. However, the projects can’t just be smart, they also need to be safe. Enabling embedded technologies and leveraging the Internet of Things in city infrastructure brings forth risk that must be considered and monitored to maintain safety for citizens. We want to work with city planners and builders to raise awareness about cyberthreats and share information on how to mitigate those threats before they can impact the public,” said Chris Rouland, Founder and CEO of Bastille and Board Member of Securing Smart Cities.

“Securing Smart Cities aims to solve cyber-problems at every stage of a smart city’s development: from planning through to the actual implementation of smart technologies. We encourage city authorities, equipment and software vendors, as well as security researchers to join the discussion,” said Patrick Nielsen, Principal Security Researcher at Kaspersky Lab and Board Member of the Securing Smart Cities initiative.

For more information, and to see the most recent updates on Securing Smart Cities activities, please visit: http://securingsmartcities.org.

About IOActive
IOActive is a comprehensive, high-end information security services firm with a long and established track record in delivering elite security services to its customers. Our world-renowned consulting and research teams deliver a portfolio of specialist security services ranging from penetration testing and application code assessment to chip reverse engineering. Global 500 companies across every industry continue to trust IOActive with their most critical and sensitive security issues. Founded in 1998, IOActive is headquartered in Seattle, US, with global operations through the Americas, EMEA, and Asia Pac regions. Visit www.ioactive.com for more information. Read the IOActive Labs Research Blog. Follow IOActive on Twitter: http://twitter.com/ioactive.

About Kaspersky Lab
Kaspersky Lab is the world’s largest privately held vendor of endpoint protection solutions. The company is ranked among the world’s top four vendors of security solutions for endpoint users*. Throughout its more than 17-year history Kaspersky Lab has remained an innovator in IT security and provides effective digital security solutions for large enterprises, SMBs and consumers. Kaspersky Lab, with its holding company registered in the United Kingdom, currently operates in almost 200 countries and territories across the globe, providing protection for over 400 million users worldwide. Learn more at www.kaspersky.com.

About Bastille
Based in Atlanta and launched in 2014, Bastille is pioneering Internet of Things (IoT) security with next-generation security sensors and wireless emission detection, allowing corporations to accurately quantify risk and mitigate 21st century airborne threats. Through its proprietary technology, Bastille helps enterprise organizations protect cyber and human assets while providing unprecedented visibility of IoT devices that could pose a threat to network infrastructure. Currently in pilot testing, Bastille expects general availability in 2015. For more information, visit www.bastille.io and follow @BastilleNet on Twitter.

About Cloud Security Alliance
The Cloud Security Alliance (CSA) is the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment. CSA harnesses the subject matter expertise of industry practitioners, associations, governments, and its corporate and individual members to offer cloud security-specific research, education, certification, events and products. For more information, visit https://cloudsecurityalliance.org.

* The company was rated fourth in the IDC rating Worldwide Endpoint Security Revenue by Vendor, 2013. The rating was published in the IDC report “Worldwide Endpoint Security 2014–2018 Forecast and 2013 Vendor Shares (IDC #250210, August 2014). The report ranked software vendors according to earnings from sales of endpoint security solutions in 2013.

Jim Shulkin
Global PR Manager,
IOActive, Inc.

PR@ioactive.com

US: +1.206.784.4367
UK: +44 (0) 20.7240.5223
