RESOURCES

Thought leaders in information security, we conduct radical, world-changing research and deliver renowned presentations around the world.
Blogs | RESEARCH | January 21, 2022

How We Hacked Your Billion-dollar Company for Forty-two Bucks

Jamie Riden, IOActive Security Consultant/CREST-CHECK Lead, explores the weaknesses in outward-facing services most enterprises employ. Most organizations’ Internet perimeters are permeable. Weaknesses in outward-facing services are rarely independent of one another, and leveraging several together can often result in some sort of user-level access to internal systems. A lot of traffic goes in and out of a normal company’s Internet perimeter: email comes in and goes out, web traffic from customers or potential customers comes in, web traffic for internal users goes out, and lots of necessary services create traffic,…

Jamie Riden
Blogs | RESEARCH | December 6, 2021

Cracking the Snapcode

Daniel Moder, IOActive Security Consultant, explores the world of the ever-increasing forms of bar codes, specifically, cracking Snapcodes. Snapcode is a proprietary 2D barcode system that can trigger a variety of actions when scanned in the Snapchat app. Unlike some bar code systems, there is no public documentation about how the Snapcode system works. Daniel delves in to discover the inner workings of Snapcode to answer the following questions:  What data do Snapcodes encode? How do Snapcodes encode data? What actions can be triggered when these codes are scanned?

Daniel Moder
Blogs | EDITORIAL | August 3, 2021

Counterproliferation: Doing Our Part

IOActive’s mission is to make the world a safer and more secure place. In the past, we’ve worked to innovate in the responsible disclosure process.

John Sheehy
Blogs | RESEARCH | July 30, 2021

Breaking Protocol (Buffers): Reverse Engineering gRPC Binaries

gRPC is an open-source RPC framework from Google which leverages automatic code generation to allow easy integration to a number of languages. Architecturally, it follows the standard seen in many other RPC frameworks: services are defined which determine the available RPCs. It uses HTTP version 2 as its transport, and supports plain HTTP as well as HTTPS for secure communication. Services and messages, which act as the structures passed to and returned by defined RPCs, are defined as protocol buffers. Protocol buffers are a common serialization solution, also designed by…

Ethan Shackelford
Blogs | EDITORIAL | April 8, 2021

Trivial Vulnerabilities, Serious Risks

Introduction The digital transformation brought about by the social distancing and isolation caused by the global COVID-19 pandemic was both extremely rapid and unexpected. From shortening the distance to our loved ones to reengineering entire business models, we’re adopting and scaling new solutions that are as fast-evolving as they are complex. The full impact of the decisions and technological shifts we’ve made in such short a time will take us years to fully comprehend. Unfortunately, there’s a darker side to this rapid innovation and growth which is often performed to…

Tiago Assumpcao & Robert Connolly
Blogs | RESEARCH | April 6, 2021

Watch Your Step: Research Into the Concrete Effects of Fault Injection on Processor State via Single-Step Debugging

Fault injection, also known as glitching, is a technique where some form of interference or invalid state is intentionally introduced into a system in order to alter the behavior of that system. In the context of embedded hardware and electronics generally, there are a number of forms this interference might take. Common methods for fault injection in electronics include: Clock glitching (errant clock edges are forced onto the input clock line of an IC) Voltage fault injection (applying voltages higher or lower than the expected voltage to IC power lines)…

Ethan Shackelford
Blogs | RESEARCH | February 23, 2021

A Practical Approach to Attacking IoT Embedded Designs (II)

In this second and final blog post on this topic, we cover some OTA vulnerabilities we identified in wireless communication protocols, primarily Zigbee and BLE. As in the previous post, the findings described herein are intended to illustrate the type of vulnerabilities a malicious actor could leverage to attack a specified target to achieve DoS, information leakage, or arbitrary code execution. These vulnerabilities affect numerous devices within the IoT ecosystem. IOActive worked with the semiconductor vendors to coordinate the disclosure of these security flaws, but it is worth mentioning that…

Ruben Santamarta
Blogs | RESEARCH | February 23, 2021

Probing and Signal Integrity Fundamentals for the Hardware Hacker, part 2: Transmission Lines, Impedance, and Stubs

This is the second post in my ongoing series on the troubles posed by high-speed signals in the hardware security lab. What is a High-speed Signal? Let’s start by defining “high-speed” a bit more formally: A signal traveling through a conductor is high-speed if transmission line effects are non-negligible. That’s nice, but what is a transmission line? In simple terms: A transmission line is a wire of sufficient length that there is nontrivial delay between signal changes from one end of the cable to the other. You may also see…

Andrew Zonenberg

Commonalities in Vehicle Vulnerabilities

2022 Decade Examination Update | With the connected car now commonplace in the market, automotive cybersecurity has become the vanguard of importance as it relates to road user safety. IOActive has amassed over a decade of real-world vulnerability data illustrating the issues and potential solutions to cybersecurity threats today’s vehicles face.

This analysis is a major update and follow-up to the vehicle vulnerabilities report originally published in 2016 and updated in 2018. The goal of this 2022 update is to deliver current data and discuss how the state of automotive cybersecurity has progressed over the course of 10 years, making note of overall trends and their causes.

ACCESS THE REPORT


IOACTIVE CORPORATE OVERVIEW (PDF)IOACTIVE SERVICES OVERVIEW (PDF)


IOACTIVE ARCHIVED WEBINARS