RESOURCES

Thought leaders in information security, we conduct radical, world-changing research and deliver renowned presentations around the world.
Disclosures | ADVISORIES | October 21, 2014

OpenBSD ≤ 5.5 Local Kernel Panic

A non-privileged use could cause a local Denial-of-Service (DoS) condition by triggering a kernel panic through a malformed ELF executable.

Launch PDF
Alejandro Hernandez
Disclosures | ADVISORIES | July 1, 2014

Belkin WeMo Home Automation Vulnerabilities

The WeMo devices connect to the Internet using the STUN/TURN protocol. This gives users remote control of the devices and allows them to perform firmware updates from anywhere in the world. A generated GUID is the primary source of access control. WeMo also uses a GPG-based, encrypted firmware distribution scheme to maintain device integrity during updates. Unfortunately, attackers can easily bypass most of these features due to the way they are currently implemented in the WeMo product line. The command for performing firmware updates is initiated over the Internet from…

Launch PDF
Mike Davis
Disclosures | ADVISORIES |

Steam Client Creates World-writable Shell Script

While performing a routine world-writable file scan, one of IOActive’s consultants discovered that the Steam Client for Mac OS X creates world-writable shell scripts when installing games.

Launch PDF
Ilja van Sprundel
Disclosures | ADVISORIES |

OleumTech Wireless Sensor Network Vulnerabilites

OleumTech has manufactured industrial wireless solutions for almost 15 years, providing visibility to disparate assets for major Oil & Gas producers for near real-time optimization decisions, resource deployment, and regulatory compliance. OleumTech also manufacturers industrial automation systems that represents the new paradigm of remote monitoring and control for industries, such as Oil & Gas, Refining, Petro-chemical, Utilities, and Water/Wastewater. In June 2013, IOActive Labs reported four critical vulnerabilities in OleumTech’s wireless sensor network to ICS-CERT. To date, IOActive Labs is not aware of any fixes released by OleumTech.

Launch PDF
Lucas Apa & Carlos Penagos
Disclosures | ADVISORIES | March 18, 2014

Sielco Sistemi Winlog Multiple Vulnerabilities

This advisory is a follow-up to the alerts titled “ICS-ALERT-12-166-01 Sielco Sistemi Winlog Buffer Overflow” that was published June 14, 2012, and “ICS-ALERT-12-179-01 Sielco Sistemi Winlog Multiple Vulnerabilities” that was published June 27, 2012, on the ICS-CERT web page.

View Advisory
Carlos Hollman
Disclosures | ADVISORIES | July 1, 2013

TURCK BL20/BL67 Programmable Gateways undocumented hardcoded accounts

The affected products provide communication between the communications bus and I/O modules. According to TURCK, the BL20 and BL67 are deployed across several sectors. These include agriculture and food, automotive, and critical manufacturing. TURCK estimates that these products are used primarily in the United States and Europe with a small percentage in Asia. This vulnerability allows an attacker to remotely access the device through its embedded FTP server by using the undocumented, hard-coded credentials. The attacker can then install a trojanized firmware to control communications and processes.

Launch PDF
Ruben Santamarta
Disclosures | ADVISORIES |

Protocol Handling Issues in X.Org X Window System Client Libraries

X.Org believes all prior versions of these libraries contain the vulnerabilities discussed in this document, dating back to their introduction. Versions of the X libraries built on top of the Xlib bridge to the XCB framework are vulnerable to fewer issues than those without. This is due to the added safety and consistency assertions in the XCB calls to read data from the network. However, most of these vulnerabilities are not caught by such checks.

Launch PDF
Ilja van Sprundel
Disclosures | ADVISORIES |

DASDEC Vulnerabilities

The United States Emergency Alert System (EAS) in 1997 replaced the older and better known Emergency Broadcast System (EBS) used to deliver local or national emergency information. The EAS is designed to “enable the President of the United States to speak to the United States within 10 minutes” after a disaster occurs. In the past, these alerts were passed from station to station using the Associated Press (AP) or United Press International (UPI) “wire services”, which connected to television and radio stations around the U.S. Whenever the station received an…

Launch PDF
Mike Davis
Disclosures | ADVISORIES |

ProSoft Technology RadioLinx ControlScape PRNG Vulnerability

The RadioLinx ControlScape application is used to configure and installradios in a FHSS radio network and to monitor their performance. ProSoft Technology states that default values built into the software work well for initial installation and testing. The software generates a random passphrase and sets the encryption level to 128-bit AES when it creates a new radio network.

Launch PDF
Lucas Apa & Carlos Penagos
Disclosures | ADVISORIES | November 9, 2012

SIEMENS Sipass Integrated 2.6 Ethernet Bus Arbitrary Pointer Dereference

This vulnerability exists within AscoServer.exe during the handling of RPC messages over the Ethernet Bus. Insufficient sanity checking allows remote and unauthenticated attackers to corrupt a Heap-Allocated Structure and then dereference an arbitrary pointer. When manipulating an IOCP message, it is possible to alter the behavior of message parsing. This allows another IOCP message to subvert the listener of IOCP messages, which leads to export of a write-n primitive. This flaw allows remote attackers to execute arbitrary code on the target system, under the context of the SYSTEM account, where…

Launch PDF
Lucas Apa

Commonalities In Vehicle Vulnerabilities

With the connected car becoming commonplace in the market, vehicle cybersecurity continues to grow more important every year. At the forefront of security research, IOActive has amassed real-world vulnerability data illustrating the general issues and potential solutions to the cybersecurity threats today’s vehicles face.

View Whitepaper