IOActive is sponsoring the Maritime Cybersecurity Summit this year, and we’ll have a team onsite at the Summit. Be sure to find and connect with our team members in Miami!

The Maritime Transportation System Information Sharing and Analysis Center (MTS-ISAC) promotes and facilitates maritime cybersecurity information sharing, awareness, training, and collaboration efforts between private and public sector stakeholders – with the mission to effectively improve cyber risk management across the entire MTS community through effective information sharing for the improved identification, protection, detection, response and recovery efforts related to cyber risks.

The Maritime Cybersecurity Summit will be held at the University of Miami, and we’re looking forward to connecting with the community.

Event info

IOActive is a sponsor of the Car Hacking Village @DEFCON 31 this year. Our team will be on-hand taking part in volunteering, and running activities at the Village. Car Hacking Village – securing critical automotive systems.

Josep Pi Rodriguez, IOActive Principal Security Consultant, will be presenting: ‘CFP Contactless Overflow: Code execution in payment terminals and ATM’s over NFC’ at DEF CON 31.

We conducted research to assess the current security of NFC payment readers that are present in most of the major ATM brands, portable point of sales, gas stations, vending machines, transportation and other kind of point of sales in the US, Europe and worldwide. In particular, we found code execution vulnerabilities exploitable through NFC when handling a special application protocol data unit (APDU) that affect most NFC payment vendors. The vulnerabilities affect bare metal firmware devices and Android/Linux devices as well.

After waiting more than a year and a half after we disclosed it to all the affected vendors, we are ready to disclose the technical details to the public. This research was covered in the media by wired.com but without the technical details that we can share now.

more info

IOActive will be a sponsor with a team participating in the cybersecurity exchange event in Amsterdam, NL in September 2023.

This Automotive IQ’s event is the world’s first, invitation-only event for senior automotive cybersecurity leaders, decision-makers and influencers – An Intensive Learning & Networking Experience Like No Other.

Krzysztof Okupski, IOActive Associate Principal Security Consultant, will be presenting ‘Back to the Future with Platform Security’ at Hexacon 2023.

In the last decade the industry has seen a large amount of research released around Intel platform security. Since the release of CHIPSEC, the industry has had a tool to quickly analyze their Intel platform against a secure baseline for misconfigurations. As a result of this, it has become more difficult to find misconfigured Intel platforms from major OEMs.

As we dove into the platform security realm ourselves, we noticed a complete lack of focus and analysis of AMD platforms. This was a surprise to us due to the popularity and significantly growing market share of AMD.

The presentation will cover a deep dive into interesting architectural differences across Intel and AMD that make up for the security of the platform: a first glance of various AMD security features, such as ROM Armor and Platform Secure Boot. Additionally, several vulnerabilities will be presented, when combined, allowed us to inject a persistent firmware implant running in ring -2 on various systems.
All these details have been flushed into a tool that we developed which can be used by end users to quickly verify that their systems are free from common misconfigurations.

event info

John Sheehy, IOActive SVP of Research & Strategy, will be participating in the Omdia Analyst Summit panel discussion at Black Hat, Tuesday, August 8, 2023, at 2:15PM PT.

Stories from the Field: Successes in Industry-Specific Cybersecurity

Security success in specific vertical market segments like manufacturing, retail, or finance can be a double-edged sword: each vertical has its own special security requirements and challenges, but effective solutions also must fit into a broader security architecture and support overall cybersecurity program objectives. In this panel, vendors and solution providers will discuss their industry-specific approaches and share success stories from customers on how they’ve helped them meet security challenges unique to their verticals while also supporting broader business objectives.

event info

Joseph Tartaro, Enrique Nissim and Ethan Shackelford of IOActive Research will be presenting: ‘Shuffle Up and Deal: Analyzing the Security of Automated Card Shufflers’ at Black Hat USA 2023.

There’s a long history of cheating in the world of gambling, from hiding aces up your sleeve to developing modern hacks. So it’s no surprise that modern casinos are designed with security in mind; thousands of cameras watch every square inch of the floor, closely monitoring each table and machine. Nevertheless, cheating still occurs and can lead to millions of dollars in losses, not only to casinos but, in some games, to players as well.

Please be sure to catch the IOActive team at Las Vegas.
Black Hat program info here.

Driving the transition to e-mobility. The 36th Electric Vehicle Symposium and Exposition (EVS36) is the longest-running premier showcase devoted to electric transportation, technologies, and industry innovation.

Conference for automotive manufacturers, autonomous driving innovators and industry experts – to explore the latest in connected and automated vehicle technologies for next-generation autonomous vehicles.

IOActive is sponsoring 44CON, and we’ll have a team on-site in taking part in speaking and various demo/challenge engagements. 44CON is an Information Security Conference & Training event taking place in London. Designed to provide something for the business and technical Information Security professional.