[Meta Analysis] Rick and Morty S3E1: The Hacker’s Episode
Hi folks, I’m a huge Rick and Morty fan. Sometimes while watching it, I notice allegories and puns related to security, privacy, physics, psychology, and a wide range of scientific fields. Because of this, I’ve decided to review some Rick and Morty episodes and share my observations with the wonderful folks who work in these fields and those who aspire to. Enjoy! A machine force feeding a human. Being brutally and utterly dedicated to our whims, the robots show us how perverted…
Are You Trading Securely? Insights into the (In)Security of Mobile Trading Apps
The days of open shouting on the trading floors of the NYSE, NASDAQ, and other stock exchanges around the globe are gone. With the advent of electronic trading platforms and networks, the exchange of financial securities now is easier and faster than ever; but this comes with inherent risks. From the beginning, bad actors have also joined Wall Street’s party, developing clever models for fraudulent gains. Their efforts have included everything from fictitious brokerage firms that ended up being Ponzi schemes[1] to organized cells…
The Other Side of Cloud Data Risk
What I’m writing here isn’t about whether you should be in the cloud or not. That’s a complex question, it’s highly dependent on your business, and experts could still disagree even after seeing all of the inputs. What I want to talk about is two distinct considerations when looking at the risk of moving your entire company to the cloud. There are many companies doing this, especially in the Bay Area. CRM, HR, Email—it’s all cloud, and the number of cloud vendors totals in the hundreds, perhaps even thousands. We’re…
Heavy Trucks and Electronic Logging Devices: What Could Go Wrong?
Former IOActive researcher, Corey Thuen, provides a security overview presentation of the various vulnerabilities affecting the trucking industry systems, with a focus on ELD vulnerabilities. (presentation PDF – Black Hat 2017)
Exploiting Industrial Collaborative Robots
Traditional industrial robots are boring. Typically, they are autonomous or operate with limited guidance and execute repetitive, programmed tasks in manufacturing and production settings.[1] They are often used to perform duties that are dangerous or unsuitable for workers; therefore, they operate in isolation from humans and other valuable machinery. This is not the case with the latest generation collaborative robots (“cobots”) though. They function with co-workers in shared workspaces while respecting safety standards. This generation of robots works hand-in-hand with humans, assisting them, rather than just performing automated, isolated operations. Cobots can learn movements, “see” through…
IOActive Labs: Breaking Embedded Devices (Black Hat)
IOActive researchers give you an inside view of the IOActive Labs research facilities and highlight research hacking ATMs, Segways, and skimmers.
Physical and Authentication Bypass in Diebold Opteva ATM
Historically, ATMs have been designed without privileged separation between the safe and the internal operating system. In an attempt to address this security concern, Diebold developed the AFD platform. The Opteva line of ATMs with the AFD platform contain an upper cabinet for the operating system and a lower cabinet for the safe, each with its own authentication requirements. Using reverse engineering and protocol analysis, IOActive found a critical vulnerability in the tested version of the Opteva ATM with the AFD platform. Despite its separation of privilege and authentication requirements,…
Multiple Critical Vulnerabilities Found in Popular Motorized Hoverboards
Not that long ago, motorized hoverboards were in the news – according to widespread reports, they had a tendency to catch on fire and even explode. Hoverboards were so dangerous that the National Association of State Fire Marshals (NASFM) issued a statement recommending consumers “look for indications of acceptance by recognized testing organizations” when purchasing the devices. Consumers were even advised to not leave them unattended due to the risk of fires. The Federal Trade Commission has since established requirements that any hoverboard imported to the US meet baseline…
Ninebot by Segway miniPRO Vulnerabilities
Ninebot Limited, which purchased Segway Inc. in 2015, sells a line of self-balancing motorized electric scooters used for transportation under 30km/h. Recently, issues regarding the safety of scooters have surfaced, primarily caused by poor manufacturing quality or a general lack of safety-centered design.
Go Nuclear: Breaking Radiation Monitoring Devices
Radioactivity is a part of our environment; we are continuously exposed to natural radiation arising from the Earth and even from outer space. We are also exposed to artificial sources of radiation, derived from human activities. Ionizing isotopes are used across multiple sectors: agriculture, medicine, research, biochemistry, and manufacturing. The need for sophisticated devices to measure and detect the presence of radiation seems clear. Critical infrastructure, such as nuclear power plants, seaports, borders, and even hospitals, are equipped with radiation-monitoring devices. This equipment detects and prevents threats ranging from smuggling…