Reverse Engineering of DAL-A Certified Avionics: Collins’ Pro Line Fusion—AFD-3700
Ruben Santamarta, IOActive Security Researcher, presents a highly technical and detailed look into reverse engineering the DAL-A Certified Avionics: Collins’ Pro Line Fusion—AFD-3700. Modern avionic systems are designed according to the Integrated Modular Avionics concept. Under this paradigm, safety-certified avionic applications and non-critical airborne software share the same computing platform but are running at different partitions. In this context the underlying safety-critical certified RTOS provides the logical isolation, which should prevent unintended interactions between software with different criticalities. This paper provides a comprehensive analysis of the architecture and vulnerabilities found…
Cyberattacks on SATCOM: Understanding the Threat
In 2014, Ruben Santamarta, Principal Security Consultant with IOActive, published a whitepaper titled “A Wake-up Call for SATCOM Security.” It detailed the discovery of an exceptionally weak security posture across a number of SATCOM terminals from a range of manufacturers. Four years later in 2018, Ruben published a follow up titled “Last Call for SATCOM Security” which detailed a thorough investigation into the security of SATCOM equipment across the Aviation, Maritime, and Military industries. In light of the cyberattacks at the start of the war…
Facial Recognition Security Research
IOActive, Inc. (IOActive) has conducted extensive research and testing of facial recognition systems on commercial mobile devices. Our testing lab includes testing setups for 2D- and 3D-based algorithms, including technologies using stereo IR cameras. For each of the different technologies, we first try to understand the underlying algorithms and then come up with creative and innovative setups to bypass them. Once an unlock is achieved, we calculate the Spoof Acceptance Rate (SAR), as described in the Measuring Biometric Unlock Security” section of the Android Compatibility Definition Document.1 This metric allows…
Techspective Podcast – The Value of Red and Purple Team Engagements
Episode 070. Tony Bradley of Techspective, chats with John Sawyer, IOActive Director of Services, Red Team, on the wide-ranging effects of alert fatigue, COVID-19 pandemic, physical security and more – directly affecting cybersecurity resiliency and the efficacy/benefits of red/purple team and pen-testing services.
Cross-Platform Feature Comparison
For an Intel-commissioned study, IOActive compared security-related technologies from both the 11th Gen Intel Core vPro mobile processors and the AMD Ryzen PRO 4000 series mobile processors, as well as highlights from current academic research where applicable. Our comparison was based on a set of objectives bundled into five categories: Below the OS, Platform Update, Trusted Execution, Advanced Threat Protection, and Crypto Extension. Based on IOActive research, we conclude that AMD offers no corresponding technologies those categories while Intel offers features; Intel and AMD have equivalent capabilities in the Trusted…
Trivial Vulnerabilities, Big Risks
IOActive case study detailing the trivial vulnerabilities with big risks for the users of the Brazilian National Justice Council Processo Judicial Eletrônico (CNJ PJe) judicial data processing system.
Breaking Bluetooth Low Energy – A Deep Dive (Breaking BLE series – part 2)
Maxine Filcher, Security Consultant at IOActive, continues from her ‘Introduction to Bluetooth Low Energy Exploitation,’ and presents a deep dive into the key components and tools for breaking BLE devices, from the perspective of a pentester and researcher.
Introduction to Bluetooth Low Energy Exploitation (Breaking BLE series – part 1)
Bluetooth, especially Bluetooth Low Energy (BLE), has become the ubiquitous backbone that modern devices use to interact with each other. From mobile, to IoT, to automotive, most smart devices now support Bluetooth connections. This enhanced connectivity expands the attack surface making this attack vector an increasingly necessary aspect of security testing.
IOActive Corporate Overview
Research-fueled Security Assessments and Advisory Services IOActive has been at the forefront of cybersecurity and testing services since 1998. Backed by our award-winning research, our services have been trusted globally by enterprises and product manufacturers across a wide variety of industries and in the most complex of environments. Tailored to meet each unique organization’s requirements, IOActive services offer deep expertise and insight from an attacker’s perspective.
Hacking and Securing LoRaWAN Networks
LoRaWAN is becoming the most popular low-power wide-area network (LPWAN) open standard protocol used around the world for Smart Cities, IIoT, Smart Building, etc. LoRaWAN protocol has “built-in encryption” making it “secure by default.” This results in many users blindly trusting LoRaWAN networks without being diligent in assessing security concerns; the implementation issues and weaknesses can make the networks vulnerable to hacking. Currently, much of the cybersecurity problems of LoRaWAN networks, are not well known. Also, there are no available tools for LoRaWAN network security testing/auditing and attack detection, which…