RESOURCES

Thought leaders in information security, we conduct radical, world-changing research and deliver renowned presentations around the world.
Blogs | RESEARCH | November 2, 2020

CVE-2020-16877: Exploiting Microsoft Store Games

TL; DR. This blog post describes a privilege escalation issue in Windows (CVE-2020-16877) I reported to Microsoft back in June, which was patched in October. This issue allows an attacker to exploit Windows via videogames by directly targeting how Windows handles Microsoft Store games. This issue could be exploited to elevate privileges from a standard user account to Local System on Windows 10.

Donato Ferrante
Blogs | RESEARCH | October 6, 2020

A journey into defeating regulated electronic cigarette protections

TL;DR: This blog post does not encourage smoking nor vaping. The main focus of this blog will be defeating the protections of a regulated electronic cigarette to assess the ability of it being weaponized via a remote attacker by modifying its firmware and delivering it through a malware which waits for electronic cigarettes to be connected over USB or discovered over Bluetooth.

Ehab Hussein
Blogs | RESEARCH | September 28, 2020

Password Cracking: Some Further Techniques

A password hash is a transformation of a password using what we call a “one-way” function. So, for example, ROT-13 (rotate by half the alphabet) would be a very, very bad password hash function and would give fairly recognizable results like “Cnffjbeq123!”. The one-way property means it must be essentially impossible to construct the inverse function and recover the original, and functions like MD5 or SHA1 certainly meet that particular criterion. Iterated encryption functions like DES have also been used (for example LAN Manager hashes), but seem to have fallen…

Jamie Riden
Blogs | RESEARCH | September 22, 2020

Uncovering Unencrypted Car Data in BMW Connected App

TL; DR: Modern mobile OSes encrypt data by default, nevertheless, the defense-in-depth paradigm dictates that developers must encrypt sensitive data regardless of the protections offered by the underlying OS. This is yet another case study of data stored unencrypted, and most importantly, a reminder to developers not to leave their apps’ data unencrypted. In this case study, physical access to an unlocked phone, trusted computer or unencrypted backups of an iPhone is required to exfiltrate the data, which in turn does not include authentication data and cannot be used to control…

Alejandro Hernandez
Blogs | EDITORIAL | September 17, 2020

Cybersecurity Vigilance for a Historic Election

November 3rd is Election Day in the United States. Every election is important, but this election is particularly crucial. It is one of the most important elections in our lifetime—the 2020 election will determine the course of the United States for the next 10 years or more. With so much on the line, every vote counts—but the security and integrity of, and voter confidence in, the election itself are also at risk. The Senate Intelligence Committee determined that Russia influenced and interfered with the 2016 election, and US intelligence agencies…

Matt Rahman
Blogs | EDITORIAL | September 15, 2020

Security Makes Cents: Perspectives on Security from a Finance Leader

Recently, it feels like the Internet is filled with stories of cyber-breaches and security breakdowns. As the world is more interconnected than ever, these stories are becoming all too familiar. In fact, there is a malicious web-based hacking event every 39 seconds, and 43% of them target small businesses. While a breach can occur in any area of a business, a corporate finance department is often uniquely positioned, with touch-points extending further outside the company than other groups. With touch-points up and down the supply chain,…

Joshua Beauregard
Blogs | RESEARCH | September 11, 2020

WSL 2.0 dxgkrnl Driver Memory Corruption

IOActive Labs – Joseph Tartaro, IOActive Associate Principal Consultant, shares a deeply technical exploration into dxgkrnl driver corruption issues.

Joseph Tartaro
Blogs | EDITORIAL | September 8, 2020

IOActive Labs Blog

Reclaiming Hallway Con We have several exciting things happening with our blog content. Like many, we’ve been working to replace the value lost with the loss of face-to-face gatherings at meetings, conventions, and informal get-togethers. Many veterans of the conference circuit will tell you that by far the most valuable part of a typical conference is the hallway con, which refers to the informal discussions, networking, and often serendipitous meetings that happen outside the formal conference agenda. IOActive is helping reclaim hallway con by making some of that valuable content…

John Sheehy
Blogs | RESEARCH | September 1, 2020

Breaking Electronic Baggage Tags – Lufthansa vs British Airways

IOActive Labs – Ruben Santamarta, IOActive Principle Security Consultant, provides a deep probing look into electronic baggage tag (EBT) solutions from Lufthansa and British Airways on the IOActive Labs blog.

Ruben Santamarta