Thought leaders in information security, we conduct radical, world-changing research and deliver renowned presentations around the world.
Library | WHITEPAPER | July 1, 2016

Assessing and Exploiting XML Schema’s Vulnerabilities

Specifications for XML and XML schemas include multiple security flaws. At the same time, these specifications provide the tools required to protect XML applications. This provides a complex scenario for developers, and a fun environment for hackers. Even though we use XML schemas to define the security of XML documents, we also use them to perform a variety of attacks: file retrieval, server side request forgery, port scanning, or brute forcing. This talk will analyze how to infer new attack vectors by analyzing the current vulnerabilities, and how it is…

Launch PDF
Fernando Arnaboldi
Library | WHITEPAPER | August 5, 2015

Remote Exploitation of an Unaltered Passenger Vehicle

Since 2010, several automotive security researchers have demonstrated the ability to inject messages into the CAN bus of a car, capable of affecting the physical systems of the vehicle. The widespread criticism of these methods as viable attack vectors was the claim that there was not a way for an attacker to inject these types of messages without close physical access to the vehicle. In this paper, Chris Valasek and Charlie Miller demonstrate that remote attacks against unaltered vehicles is possible.

Launch PDF
Chris Valasek & Charlie Miller
Library | WHITEPAPER | July 1, 2015

An Emerging US (and World) Threat: Cities Wide Open to Cyber Attacks

Cities around the world are becoming increasingly smart, which creates huge attack surfaces for potential cyber attacks. In this paper, IOActive Labs CTO Cesar Cerrudo provides an overview of current cyber security problems affecting cities as well real threats and possible cyber attacks that could have a huge impact on cities. Cities must take defensive steps now, and Cesar offers recommendations to help them get started.

Launch PDF
Cesar Cerrudo
Library | PRESENTATION | July 30, 2014

DC22 Talk: Killing the Rootkit

By Shane Macaulay I’ll  be at DefCon22 a to present information about a high assurance tool/technique that helps to detect hidden processes (hidden by a DKOM type rootkit).  It works very well with little bit testing required (not very “abortable” The process  also works recursively (detect host and guest processes inside a host memory dump). Plus, I will also be at our IOAsis ( , so come through for a discussion and a demo.

Library | WHITEPAPER | July 1, 2014

ELF Parsing Bugs by Example with Melkor Fuzzer

Too often the development community continues to blindly trust the metadata in Executable and Linking Format (ELF) files. In this paper, Alejandro Hernández walks you through the testing process for seven applications and reveals the bugs that he found. He performed the tests using Melkor, a file format fuzzer he wrote specifically for ELF files.

Launch PDF
Alejandro Hernandez
Library | WHITEPAPER |

A Survey of Remote Automotive Attack Surfaces

By looking at each car’s remote attack surface, internal network architecture, and computer controlled features, we are able to draw some conclusions about the suitability of the vehicle to remote attack. This doesn’t mean that the most susceptible looking isn’t in fact quite secure (i.e. coded very securely) or that the most secure looking isn’t in fact trivially exploitable, but it does provide some objective measure of the security of a large number of vehicles that wouldn’t be possible to examine in detail without a massive effort. It also provides…

Launch PDF
Charlie Miller & Chris Valasek
Library | WHITEPAPER | April 17, 2014

A Wake-up Call for SATCOM Security

Satellite Communications (SATCOM) play a vital role in the global telecommunications system. IOActive evaluated the security posture of the most widely deployed Inmarsat and Iridium SATCOM terminals. IOActive found that malicious actors could abuse all of the devices within the scope of this study.

Launch PDF
Ruben Santamarta
Library | WHITEPAPER | August 5, 2013

Car Hacking Made Affordable

This research focuses on reducing the barrier to entry for automotive security assessments. The goal is to increase the number of security researchers working in this area by providing step-by-step information on how to evaluate, test, and assess Electronic Control Units (ECUs) without requiring a vehicle. To accomplish the work described in this paper, you only need inexpensive electronics and an ECU. Most, if not all, of the equipment and vehicle parts can be acquired from third-party sources, such as eBay or Amazon.

Launch PDF
Charlie Miller & Chris Valasek
Library | WHITEPAPER | July 31, 2013

Adventures in Automotive Networks and Control Units

Previous research has shown that an attacker can execute remote code on the electronic control units (ECU) in automotive vehicles via interfaces such as Bluetooth and the telematics unit: This paper expands on the topic and describes how an attacker can influence a vehicle’s behavior. It includes examples of mission critical controls, such as steering, braking, and acceleration, being manipulated using Controller Area Network (CAN) messages.

Launch PDF
Charlie Miller & Chris Valasek

Biometric Security: Facial Recognition Testing

IOActive has conducted extensive research and testing of facial recognition systems on commercial mobile devices. Our testing included setups for 2D- and 3D-based algorithms, including technologies using stereo IR cameras. Discovering the underlying algorithms to find setups to bypass them, then calculating the Spoof Acceptance Rate (SAR).