EDITORIAL | September 8, 2020

IOActive Labs Blog

Reclaiming Hallway Con

We have several exciting things happening with our blog content. Like many, we’ve been working to replace the value lost with the loss of face-to-face gatherings at meetings, conventions, and informal get-togethers. Many veterans of the conference circuit will tell you that by far the most valuable part of a typical conference is the hallway con, which refers to the informal discussions, networking, and often serendipitous meetings that happen outside the formal conference agenda.

IOActive is helping reclaim hallway con by making some of that valuable content available in a pandemic-friendly format on our blogs and in webinars. We recently launched our Guest Blog series with a post focused on emerging threats in intermodal transportation from Urban Jonson, an accomplished contributor to hallway con and leader of the Heavy Vehicle Cyber Security (HVCS) working group at NMFTA.

Likewise, we are making some more informal technical content available to a larger audience at a higher frequency through our new IOActive Labs blog.

IOActive Labs Blog

The IOActive Labs blog is an organizational innovation proposed by our consultants to support a more agile process for developing, reviewing, and posting technical content. It facilitates lower-latency, higher-frequency posting of technical content, which was more challenging within our prior process.

This new process allows for some interesting new types of content, such as live blogging during a CTF, and more informal content, such as documenting techniques. Furthermore, the organization of the technical content under the IOActive Labs blog will allow the part of our audience, who’s only interested in the (very interesting) bits and bytes, to easily find those posts as we include more diverse, non-technical content and voices in our main blog.

We want to break in the new IOActive Labs blog with an appropriately original and interesting first post.

Breaking in the IOActive Labs Blog with a Look at Aviation Operational Technology

Ruben Santamarta, a Principal Consultant at IOActive, has amassed a considerable body of groundbreaking, original cybersecurity research. He continues his work on emerging threats through a look into airline and airport operational technology (OT) associated with Electronic Bag Tags (EBTs). This post builds on his recent work on warcodes (malicious bar codes) discussed in his recent blog post.

This research takes an empirical look at some of the implementation flaws in a couple of examples of devices and components that support the “tags everywhere” and “sensors everywhere” trends brought about by IoT and the thirst for more sources of data to feed the big data movement. It also illustrates some of the potential supply-chain risks associated with using insecure, but not intentionally malicious, products and components in systems that perform core business operations.

You may also follow the latest posts on the IOActive Labs twitter.

More to Come

We have more exciting innovations to come as we work to recapture more of the value lost without conferences.