RESOURCES

Thought leaders in information security, we conduct radical, world-changing research and deliver renowned presentations around the world.
Blogs | INSIGHTS | May 23, 2013

Identify Backdoors in Firmware By Using Automatic String Analysis

The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) this Friday published an advisory about some backdoors I found in two programmable gateways from TURCK, a leading German manufacturer of industrial automation products. http://ics-cert.us-cert.gov/advisories/ICSA-13-136-01 Using hard-coded account credentials in industrial devices is a bad idea. I can understand the temptation among manufacturers to include a backdoor “support” mechanism in the firmware for a product such as this. This backdoor allows them to troubleshoot problems remotely with minimal inconvenience to the customer. On the other hand, it is only a…

Ruben Santamarta
Blogs | INSIGHTS | February 6, 2013

The Anatomy of Unsecure Configuration: Reality Bites

As a penetration tester, I encounter interesting problems with network devices and software. The most common problems that I notice in my work are configuration issues. In today’s security environment, we can accept that a zero-day exploit results in system compromise because details of the vulnerability were unknown earlier. But, what about security issues and problems that have been around for a long time and can’t seem to be eradicated completely? I believe the existence of these types of issues shows that too many administrators and developers are not paying…

Aditya K. Sood
Blogs | INSIGHTS | December 20, 2012

Exploits, Curdled Milk and Nukes (Oh my!)

Throughout the second half of 2012 many security folks have been asking “how much is a zero-day vulnerability worth?” and it’s often been hard to believe the numbers that have been (and continue to be) thrown around. For the sake of clarity though, I do believe that it’s the wrong question… the correct question should be “how much do people pay for working exploits against zero-day vulnerabilities?” The answer in the majority of cases tends to be “it depends on who’s buying and what the vulnerability is” regardless of the…

Gunter Ollmann
Blogs | INSIGHTS | October 30, 2012

3S Software’s CoDeSys: Insecure by Design

My last project before joining IOActive was “breaking” 3S Software’s CoDeSys PLC runtime for Digital Bond. Before the assignment, I had a fellow security nut give me some tips on this project to get me off the ground, but unfortunately this person cannot be named. You know who you are, so thank you, mystery person. The PLC runtime is pretty cool, from a hacker perspective. CoDeSys is an unusual ladder logic runtime for a number of reasons.   Different vendors have different strategies for executing ladder logic. Some run ladder logic…

Reid Wightman
Blogs | INSIGHTS | September 11, 2012

Malware Doesn’t Care About Your Disclosure Policy, But You Better Have One Anyway

All over the world, things are changing in ICS security—we are now in the spotlight and the only way forward is, well, forward. Consequently, I’m doing more reading than ever to keep up with technical issues, global incidents, and frameworks and policies that will ensure the security of our future. From a security researcher’s perspective, one exciting development is that .gov is starting to understand the need for disclosure in some cases. They have found that by giving companies lead time to implement fixes, they often get stonewalled for months…

Eireann Leverett

Arm IDA and Cross Check: Reversing the 787’s Core Network

IOActive has documented detailed attack paths and component vulnerabilities to describe the first plausible, detailed public attack paths to effectively reach the avionics network on a 787, commercial airplane from either non-critical domains, such as Passenger Information and Entertainment Services, or even external networks.

ACCESS THE WHITEPAPER


IOACTIVE CORPORATE OVERVIEW (PDF)