Satellite (in)security: Vulnerability Analysis of Wideye SATCOM Terminals
Ethan Shackelford, IOActive Security Consultant, revisits the long-standing IOActive SATCOM security research with the introduction of the latest whitepaper detailing the original research into two SATCOM terminals manufactured by Addvalue Technologies, Ltd.: the Wideye iSavi and Wideye SABRE Ranger 5000. He further provides current insight to the numerous identified serious security vulnerabilities in both devices, including broken or backdoored authentication mechanisms, rudimentary data parsing errors allowing for complete device compromise over the network, completely inadequate firmware security, and sensitive information disclosure, including the leaking of terminal GPS…
Missed Calls for SATCOM Cybersecurity: SATCOM Terminal Cyberattacks Open the War in Ukraine
Unfortunately, IOActive was right. IOActive presciently foresaw the use of cyberattacks against commercial satellite communication (SATCOM) terminals and has worked tirelessly to warn the industry for the last nine years. There have been several credible reports of destructive exploitation of vulnerabilities in commercial SATCOM terminals during the opening hours of the War in Ukraine by Russian elements to prepare the battlefield.[1],[2],[3] I’m disappointed that more industry members didn’t heed our warning, which provided ample time to act and mitigate the realization of these threats….
Batteries Not Included: Reverse Engineering Obscure Architectures
Ethan Shackelford, IOActive Security Consultant, explores reverse engineering the Analog Devices’ Blackfin architecture – going from zero knowledge to full decompilation and advanced analysis, using Binary Ninja. While common instruction set architectures (ISAs – x86, ARM) dominate the markets, there is a wide variety of obscure and uncommon architectures also available – many featuring specialized architectures, such as PIC (commonly found in ICS equipment) and various Digital Signal Processing (DSP) focused architectures; various techniques and methodologies for understanding new, obscure architectures and the surrounding infrastructure which may be poorly documented…
Responding to a Changing Threatscape: Sharing More
IOActive’s mission is to make the world a safer and more secure place. In the past, we’ve worked to innovate in the responsible disclosure process.
Wideye Security Advisory and Current Concerns on SATCOM Security
In accordance with our Responsible Disclosure Policy1, we are sharing this previously unpublished, original cybersecurity research, since the manufacturer of the affected products in the Wideye brand, Addvalue Technologies Ltd., has been non-responsive for more than 3-years after our initial disclosure and we have seen similar vulnerabilities exploited in the wild during the War in Ukraine.2 IOActive disclosed the results of the research back in 2019 and successfully connected with AddValue Technologies Ltd, the vulnerable vendor. Unfortunately, we have not received any feedback from the manufacturer…
Biometric Hacking: Facial Authentication Systems
Gabriel Gonzalez, Director of Hardware Security, and Alejo Moles, Security Consultant, explore various techniques to bypass facial recognition algorithms in this IOActive Labs blog. The use of facial recognition systems has become pervasive and ubiquitous on mobile phones and making significant inroads in other sectors as way to authenticate end users. These technologies rely on models created from an image or facial scan, selecting specific features that will be checked in a live environment against the actual user or an attacker. The algorithms need be accurate enough to detect a…
How We Hacked Your Billion-dollar Company for Forty-two Bucks
Jamie Riden, IOActive Security Consultant/CREST-CHECK Lead, explores the weaknesses in outward-facing services most enterprises employ. Most organizations’ Internet perimeters are permeable. Weaknesses in outward-facing services are rarely independent of one another, and leveraging several together can often result in some sort of user-level access to internal systems. A lot of traffic goes in and out of a normal company’s Internet perimeter: email comes in and goes out, web traffic from customers or potential customers comes in, web traffic for internal users goes out, and lots of necessary services create traffic,…
Cracking the Snapcode
Daniel Moder, IOActive Security Consultant, explores the world of the ever-increasing forms of bar codes, specifically, cracking Snapcodes. Snapcode is a proprietary 2D barcode system that can trigger a variety of actions when scanned in the Snapchat app. Unlike some bar code systems, there is no public documentation about how the Snapcode system works. Daniel delves in to discover the inner workings of Snapcode to answer the following questions: What data do Snapcodes encode? How do Snapcodes encode data? What actions can be triggered when these codes are scanned?
The Risk of Cross-Domain Sharing with Google Cloud’s IAM Policies | Chris Cuevas and Erik Gomez, SADA
We all recognize the importance of the DRS Organization Policy within a GCP Org, now we’d like to discuss Cross-Domain Sharing, or XDS as we are calling it. Do you know where your organization’s identities are being used externally? If not, we want to share details on the risks and how SADA can help assess your GCP org.
Counterproliferation: Doing Our Part
IOActive’s mission is to make the world a safer and more secure place. In the past, we’ve worked to innovate in the responsible disclosure process.