RESOURCES

Thought leaders in information security, we conduct radical, world-changing research and deliver renowned presentations around the world.
Blogs | GUEST BLOG | December 13, 2022

Interdependencies – Handshakes Between Critical Infrastructures | Ernie Hayden

As of this writing, the United States was recently threatened by a major railroad union strike. The railroads are a major element of the country’s critical infrastructure. Their shutdown could lead to multiple, cascading impacts on the delivery of goods and services, not only in the US but also in Canada and Mexico. Shipping lines could also be impacted by a railroad strike, since they will not be able to receive or offload containers and cargo to and from rail cars. Per a CNN article, a…

Blogs | RESEARCH | November 2, 2022

Exploring the security configuration of AMD platforms

TLDR: We present a new tool for evaluating the security of AMD-based platforms and rediscover a long-forgotten vulnerability class that allowed us to fully compromise SMM in the Acer Swift 3 laptop (see Acer’s advisory). Introduction In the last decade, a lot of interesting research has been published around UEFI and System Management Mode (SMM) security. To provide a bit of background, SMM is the most privileged CPU mode on x86-based systems; it is sometimes referred to as ring -2 as it is more privileged than the…

IOActive Research
Blogs | GUEST BLOG | October 26, 2022

Remote Writing Trailer Air Brakes with RF | Ben Gardiner, NMFTA

Over the course of a few years and a pandemic, we (AIS and NMFTA) tested several tractor-trailers for the security properties of the trailer databus, J2497 aka PLC4TRUCKS. What we discovered was that 1) this traffic could be read remotely with SDRs and active antennas but, more importantly, 2) that valid J2497 traffic could be induced on the trailer databus using SDRs, power amplifiers and simple antennas. In this blog post we will introduce you to some concepts and the discoveries overall – for the full technical details please get…

Blogs | RESEARCH | September 29, 2022

NFC Relay Attack on Tesla Model Y

Josep Pi Rodriguez, Principal Security Consultant, walks you through the proof-of-concept and technical details of exploitation for the NFC relay attack research on the newest Tesla vehicle, the Model Y. To successfully carry out the attack, IOActive reverse-engineered the NFC protocol Tesla uses between the NFC card and the vehicle, and we then created custom firmware modifications that allowed a Proxmark RDV4.0 device to relay NFC communications over Bluetooth/Wi-Fi using the Proxmark’s BlueShark module. It is known in the vehicle security industry that NFC relay attacks (as well as Radio…

Josep Pi Rodriguez
Blogs | GUEST BLOG | June 14, 2022

The Battle of Good versus Evil: Regulations and Cybersecurity | Urban Jonson

We all recognize the importance of the DRS Organization Policy within a GCP Org, now we’d like to discuss Cross-Domain Sharing, or XDS as we are calling it. Do you know where your organization’s identities are being used externally? If not, we want to share details on the risks and how SADA can help assess your GCP org.

Blogs | EDITORIAL | May 13, 2022

Update on SATCOM Terminal Attacks During the War in Ukraine

In a prior post titled “Missed Calls for SATCOM Cybersecurity: SATCOM Terminal Cyberattacks Open the War in Ukraine,” I shared three hypotheses about the identity of the threat actor responsible for the SATCOM terminal attacks that opened the war.[1] On 31 March 2022, shortly after my post went live, other posts examining forensic evidence from the attack provided some of the additional information needed to support or reject these hypotheses. Open-Source Forensic Analysis Ruben Santamarta published a blog post titled “VIASAT Incident: From Speculation to Technical Details”…

John Sheehy
Blogs | RESEARCH | April 5, 2022

Satellite (in)security: Vulnerability Analysis of Wideye SATCOM Terminals

Ethan Shackelford, IOActive Security Consultant, revisits the long-standing IOActive SATCOM security research with the introduction of the latest whitepaper detailing the original research into two SATCOM terminals manufactured by Addvalue Technologies, Ltd.: the Wideye iSavi and Wideye SABRE Ranger 5000. He further provides current insight to the numerous identified serious security vulnerabilities in both devices, including broken or backdoored authentication mechanisms, rudimentary data parsing errors allowing for complete device compromise over the network, completely inadequate firmware security, and sensitive information disclosure, including the leaking of terminal GPS…

Ethan Shackelford
Blogs | EDITORIAL | March 30, 2022

Missed Calls for SATCOM Cybersecurity: SATCOM Terminal Cyberattacks Open the War in Ukraine

Unfortunately, IOActive was right. IOActive presciently foresaw the use of cyberattacks against commercial satellite communication (SATCOM) terminals and has worked tirelessly to warn the industry for the last nine years. There have been several credible reports of destructive exploitation of vulnerabilities in commercial SATCOM terminals during the opening hours of the War in Ukraine by Russian elements to prepare the battlefield.[1],[2],[3] I’m disappointed that more industry members didn’t heed our warning, which provided ample time to act and mitigate the realization of these threats….

John Sheehy
Blogs | RESEARCH | March 29, 2022

Batteries Not Included: Reverse Engineering Obscure Architectures

Ethan Shackelford, IOActive Security Consultant, explores reverse engineering the Analog Devices’ Blackfin architecture – going from zero knowledge to full decompilation and advanced analysis, using Binary Ninja. While common instruction set architectures (ISAs – x86, ARM) dominate the markets, there is a wide variety of obscure and uncommon architectures also available – many featuring specialized architectures, such as PIC (commonly found in ICS equipment) and various Digital Signal Processing (DSP) focused architectures; various techniques and methodologies for understanding new, obscure architectures and the surrounding infrastructure which may be poorly documented…

Ethan Shackelford
Blogs | EDITORIAL | March 16, 2022

Responding to a Changing Threatscape: Sharing More

IOActive’s mission is to make the world a safer and more secure place. In the past, we’ve worked to innovate in the responsible disclosure process.

John Sheehy

Commonalities in Vehicle Vulnerabilities

2022 Decade Examination Update | With the connected car now commonplace in the market, automotive cybersecurity has become the vanguard of importance as it relates to road user safety. IOActive has amassed over a decade of real-world vulnerability data illustrating the issues and potential solutions to cybersecurity threats today’s vehicles face.

This analysis is a major update and follow-up to the vehicle vulnerabilities report originally published in 2016 and updated in 2018. The goal of this 2022 update is to deliver current data and discuss how the state of automotive cybersecurity has progressed over the course of 10 years, making note of overall trends and their causes.

ACCESS THE REPORT


IOACTIVE CORPORATE OVERVIEW (PDF)IOACTIVE SERVICES OVERVIEW (PDF)


IOACTIVE ARCHIVED WEBINARS