RESOURCES

Thought leaders in information security, we conduct radical, world-changing research and deliver renowned presentations around the world.
Library | COLLATERAL | April 22, 2019

IOActive Corporate Overview

Research-fueled Security Assessments and Advisory Services -IOActive has been at the forefront of cybersecurity and testing services since 1998. Backed by our award-winning research, our services have been trusted globally by enterprises and product manufacturers across a wide variety of industries and in the most complex of environments.

Launch PDF
Blogs | INSIGHTS | September 7, 2017

The Other Side of Cloud Data Risk

What I’m writing here isn’t about whether you should be in the cloud or not. That’s a complex question, it’s highly dependent on your business, and experts could still disagree even after seeing all of the inputs What I want to talk about is two distinct considerations when looking at the risk of moving your entire company to the cloud. There are many companies doing this, especially in the Bay Area. CRM, HR, Email—it’s all cloud, and the number of cloud vendors totals in the hundreds, perhaps even thousands. We’re…

Daniel Miessler
Blogs | INSIGHTS | December 3, 2012

IOActive Acquires Flylogic

IOActive Announces Acquisition of Flylogic Engineering and Hardware Security Lab World-renowned Semiconductor Security Expert, Christopher, Tarnovsky, to Head IOActive’s Expanded Hardware Division Seattle, WA—July 26, 2012. IOActive, a a global leader in information security services and research, today announced the acquisition of Flylogic Engineering and its assets, in addition to the appointment of Christopher Tarnovsky as IOActive’s Vice President of Semiconductor Security Services. In conjunction with this announcement, IOActive will be opening an expanded hardware and semiconductor security lab in San Diego, California. Flylogic and Mr. Tarnovsky have long been…

IOActive
Blogs | INSIGHTS | May 22, 2012

ST19XL18P – K5F0A Teardown

4 Metal, 350 nanometer fabrication process, EAL4+ smart card.  A device fabricated in 2002 and yet, today the latest ST19W/N series only main differences are the ROM data bus output width into the decrypt block and the fabrication process (180nm and 150nm shrink). The device was dipped into a HydroFluoric (HF) bath until the active shielding fell off.  The result of this saved about 10 minutes of polishing to remove the surface oxide and Metal 4 (M4).  This also helps begin the polishing process on the lower layers fairly evenly….

IOActive
Blogs | INSIGHTS | May 15, 2012

#HITB2012AMS: Security Bigwigs and Hacker Crème de la Crème Converge in Amsterdam Next Week

  Hi guys! We’re less than a week away from #HITB2012AMSand we’re super excited to welcome you there! HITBSecConf2012 – Amsterdam, our third annual outing in Europe will be at the prestigious Hotel Okura Amsterdam and this year marks our first ever week-long event with what we think is a simply awesome line-up of trainings, speakers, contests and hands-on showcase activities. There should be pretty much something to…

IOActive
Blogs | INSIGHTS | January 24, 2008

ATMEGA88 Teardown

An 8k FLASH, 512 bytes EEPROM, 512 bytes SRAM CPU operating 1:1 with the external world unlike those Microchip PIC’s we love to write up about :). It’s a 350 nanometer (nm), 3 metal layer device fabricated in a CMOS process.  It’s beautiful to say the least;  We’ve torn it down and thought we’d blog about it! The process Atmel uses on their .35 micrometer (um) technology is awesome. Using a little HydroFluoric Acid (HF) and we partially removed the top metal layer (M3).  Everything is now clearly visible for our…

IOActive
Blogs | INSIGHTS | December 29, 2007

AND Gates in logic

As we prepare for the New Year, we wanted to leave you with a piece of logic taken out of an older PIC16C series microcontroller. We want you to guess which micro(s) this gate (well the pair of them) would be found in. After the New Year, we’ll right up on the actual micro(s) and give the answer :). An AND gate in logic is basically a high (logic ‘1’) on all inputs to the gate. For our example, we’re discussing the 2 input AND. It should be noted that…

IOActive
Blogs | INSIGHTS | December 17, 2007

ST201: ST16601 Smartcard Teardown

ST SmartCards 201 – Introduction to the ST16601 Secure MCU This piece is going to be split into two articles- The first being this article is actually a primer on all of the ST16XYZ series smartcards using this type of Mesh technology.  They have overgone a few generations.  We consider this device to be a 3rd generation. In a seperate article yet to come, we are going to apply what you have read here to a smartcard used by Sun Microsystems, Inc. called Payflex.  From what we have gathered on the internet, they are used to control access to…

IOActive
Blogs | INSIGHTS | December 1, 2007

Infineon SLE4442

The SLE4442 has been around for a long time.  Spanning a little more than 10 years in the field, it has only now began to be replaced by the  newer SLE5542 (We have analyzed this device too and will write up an article soon). It is basically a 256 byte 8 bit wide EEPROM with special write protection.  In order to successfully write to the device, you need to know a 3 byte password called the Programmable Security Code (PSC).  The code is locked tightly inside the memory area of the device and if you…

IOActive
Blogs | INSIGHTS | November 15, 2007

The KEYLOK USB Dongle. Little. Green. And dead before it was born!

We decided to do a teardown on a Keylok USB based dongle from Microcomputer Applications, Inc. (MAI). Opening the dongle was no challenge at all. We used an x-acto knife to slit the sidewall of the rubber protective coating. This allowed us to remove the dongle’s circuit board from the surrounding protective coating. The top side of the printed circuit board (PCB) is shown above. MAI did not try to conceal anything internally. We were a little surprised by this :(. The backside consists of two tracks…

IOActive

Thoughts on Supply Chain Integrity

In this video presentation, John Sheehy, VP, Sales and Strategy at IOActive, shares his comprehensive view on the myriad considerations facing business as they undertake supply chain integrity assessments, focused on securing operations.

ACCESS THE VIDEO


IOACTIVE CORPORATE OVERVIEW (PDF)