RESOURCES

Thought leaders in information security, we conduct radical, world-changing research and deliver renowned presentations around the world.
Library | WHITEPAPER | January 11, 2018

SCADA and Mobile Security in the IoT Era

Two years ago, we assessed 20 mobile applications that worked with ICS software and hardware. At that time, mobile technologies were widespread, but Internet of Things (IoT) mania was only starting. Our research concluded the combination of SCADA systems and mobile applications had the potential to be a very dangerous and vulnerable cocktail. In the introduction of our paper, we stated “convenience often wins over security. Nowadays, you can monitor (or even control!) your ICS from a brand-new Android [device].”

Launch PDF
Ivan Yushkevich & Alexander Bolshev
Library | WHITEPAPER | July 1, 2017

Go Nuclear: Breaking Radiation Monitoring Devices

Radioactivity is a part of our environment; we are continuously exposed to natural radiation arising from the Earth and even from outer space. We are also exposed to artificial sources of radiation, derived from human activities. Ionizing isotopes are used across multiple sectors: agriculture, medicine, research, biochemistry, and manufacturing. The need for sophisticated devices to measure and detect the presence of radiation seems clear. Critical infrastructure, such as nuclear power plants, seaports, borders, and even hospitals, are equipped with radiation-monitoring devices. This equipment detects and prevents threats ranging from smuggling…

Launch PDF
Ruben Santamarta
Library | WHITEPAPER | February 27, 2017

Hacking Robots Before Skynet

Robots are going mainstream. Similar to other new technologies, we’ve found robot technology to be insecure in a variety of ways, and that insecurity could pose serious threats to the people and organizations they operate in and around. This paper is based on our own research, in which we discovered critical cybersecurity issues in several robots from multiple vendors. We describe the currently available technology, some of the threats posed by a compromised robot, the types of cybersecurity issues we discovered, as well as security recommendations based on the findings….

Launch PDF
Lucas Apa & Cesar Cerrudo
Library | WHITEPAPER | August 3, 2016

Securing the Connected Car: Commonalities in Vehicle Vulnerabilities

With the Connected Car becoming commonplace in the market, vehicle cybersecurity grows more important by the year. At the forefront of this growing area of security research, IOActive has amassed real-world vulnerability data illustrating the general issues and potential solutions to the cybersecurity issues facing today’s vehicles. This paper explains the differences in testing methodologies, with recommendations on the most appropriate methods for testing connected vehicle systems. Detailed findings follow, including the impact, likelihood, overall risk, and remediation of vulnerabilities IOActive consultants have discovered over the course of thousands of…

Launch PDF
Corey Thuen
Library | WHITEPAPER | July 1, 2016

Assessing and Exploiting XML Schema’s Vulnerabilities

Specifications for XML and XML schemas include multiple security flaws. At the same time, these specifications provide the tools required to protect XML applications. This provides a complex scenario for developers, and a fun environment for hackers. Even though we use XML schemas to define the security of XML documents, we also use them to perform a variety of attacks: file retrieval, server side request forgery, port scanning, or brute forcing. This talk will analyze how to infer new attack vectors by analyzing the current vulnerabilities, and how it is…

Launch PDF
Fernando Arnaboldi
Library | WHITEPAPER | August 5, 2015

Remote Exploitation of an Unaltered Passenger Vehicle

Since 2010, several automotive security researchers have demonstrated the ability to inject messages into the CAN bus of a car, capable of affecting the physical systems of the vehicle. The widespread criticism of these methods as viable attack vectors was the claim that there was not a way for an attacker to inject these types of messages without close physical access to the vehicle. In this paper, Chris Valasek and Charlie Miller demonstrate that remote attacks against unaltered vehicles is possible.

Launch PDF
Chris Valasek & Charlie Miller
Library | WHITEPAPER | July 1, 2015

An Emerging US (and World) Threat: Cities Wide Open to Cyber Attacks

Cities around the world are becoming increasingly smart, which creates huge attack surfaces for potential cyber attacks. In this paper, IOActive Labs CTO Cesar Cerrudo provides an overview of current cyber security problems affecting cities as well real threats and possible cyber attacks that could have a huge impact on cities. Cities must take defensive steps now, and Cesar offers recommendations to help them get started.

Launch PDF
Cesar Cerrudo
Library | PRESENTATION | July 30, 2014

DC22 Talk: Killing the Rootkit

By Shane Macaulay I’ll  be at DefCon22 a to present information about a high assurance tool/technique that helps to detect hidden processes (hidden by a DKOM type rootkit).  It works very well with little bit testing required (not very “abortable” http://takahiroharuyama.github.io/blog/2014/04/21/memory-forensics-still-aborted/). The process  also works recursively (detect host and guest processes inside a host memory dump). Plus, I will also be at our IOAsis (http://ioasislasvegas.eventbrite.com/?aff=PRIOASIS) , so come through for a discussion and a demo.

Commonalities in Vehicle Vulnerabilities

2022 Decade Examination Update | With the connected car now commonplace in the market, automotive cybersecurity has become the vanguard of importance as it relates to road user safety. IOActive has amassed over a decade of real-world vulnerability data illustrating the issues and potential solutions to cybersecurity threats today’s vehicles face.

This analysis is a major update and follow-up to the vehicle vulnerabilities report originally published in 2016 and updated in 2018. The goal of this 2022 update is to deliver current data and discuss how the state of automotive cybersecurity has progressed over the course of 10 years, making note of overall trends and their causes.

ACCESS THE REPORT


IOACTIVE CORPORATE OVERVIEW (PDF)IOACTIVE SERVICES OVERVIEW (PDF)


IOACTIVE ARCHIVED WEBINARS