RESOURCES

Thought leaders in information security, we conduct radical, world-changing research and deliver renowned presentations around the world.
Disclosures | ADVISORIES | July 25, 2024

IOActive Security Advisory | Fortinet FortiGate – Cross-site Scripting in SSL VPN

Affected Products VersionAffectedFortiOS 7.47.4.0 through 7.4.3FortiOS 7.27.2.0 through 7.2.7FortiOS 7.07.0.0 through 7.0.13FortiOS 6.46.4 all versionsFortiProxy 7.47.4.0 through 7.4.3FortiProxy 7.27.2.0 through 7.2.9FortiProxy 7.07.0.0 through 7.0.16 Background Fortinet, Inc. (Fortinet) is a global leader of cybersecurity solutions and services that provides protection against cyber threats. It is a company that develops and sells security products and solutions, such as firewalls, endpoint security, intrusion prevention systems, web filtering, antivirus, sandbox, and VPN. FortiGate is a network security device that provides protection against cyber threats. The device can perform various…

Get the Advisory
Jamie Riden
Blogs | INSIGHTS, RESEARCH | July 25, 2024

5G vs. Wi-Fi: A Comparative Analysis of Security and Throughput Performance

Introduction In this blog post we compare the security and throughput performance of 5G cellular to that of WiFi. This work is part of the research IOActive published in a recent whitepaper (https://bit.ly/ioa-report-wifi-5g), which was commissioned by Dell. We used a Dell Latitude 7340 laptop as an end-user wireless device, a Panda Wireless® PAU06 as a WiFi access point, and an Ettus Research™ Universal Software Radio Peripheral (USRP™) B210 as a 5G base station to simulate a typical standalone 5G configuration and three typical WiFi network…

Ethan Shackelford James Kulikowski & Vince Marcovecchio
Blogs | INSIGHTS, RESEARCH | July 23, 2024

WiFi and 5G: Security and Performance Characteristics Whitepaper

IOActive compared the security and performance of the WiFi and 5G wireless protocols by simulating several different network types and reproducing attacks from current academic research in a Dell-commissioned study. In total, 536 hours of testing was performed between January and February 2024 comparing each technologies’ susceptibility to five categories of attack: user tracking, sensitive data interception, user impersonation, network impersonation, and denial of service. IOActive concluded that a typical standalone 5G network is more resilient against the five categories of attack than a typical WiFi network….

Ethan Shackelford James Kulikowski & Vince Marcovecchio
Disclosures | ADVISORIES | June 21, 2024

IOActive Security Advisory | MásMóvil Comtrend Router –  Multiple Vulnerabilities

Affected Products MásMóvil Comtrend Router – Version: ES_WLD71-T1_v2.0.201820HW Version: GRG-4280usFW Version: QR51S404 SW Version: MMV-C04_R10 Timeline 2023-08-24: IOActive discovers vulnerability 2023-09-12: IOActive begins vulnerability disclosure with affected parties 2024-06-10: The corresponding CNA released the CVEs to public domain. 2024-06-21: IOActive advisory published

Get the Advisory
Gabriel Gonzalez
Blogs | INSIGHTS | June 18, 2024

Recent and Upcoming Security Trends in Cloud Low-Level Hardware Devices: A survey

The rapid evolution of cloud infrastructures has introduced complex security challenges, particularly concerning all of the processing devices and peripheral components that underpin modern data centers. Recognizing the critical need for robust and consistent cloud security standards, technology firms, developers, and cybersecurity experts established the Open Compute Project Security Appraisal Framework and Enablement (OCP S.A.F.E.) Program. At the 2024 OCP Regional Summit in Lisbon, I was joined by my colleague Alfredo Pironti, Director of Services at IOActive, to present a deep dive into the security of cloud infrastructures, the threats…

Sean Rivera
Blogs | INSIGHTS, RESEARCH | May 30, 2024

The Security Imperative in Artificial Intelligence

Artificial Intelligence (AI) is transforming industries and everyday life, driving innovations once relegated to the realm of science fiction into modern reality. As AI technologies grow more integral to complex systems like autonomous vehicles, healthcare diagnostics, and automated financial trading platforms, the imperative for robust security measures increases exponentially. Securing AI is not only about safeguarding data but also about ensuring the core systems — in particular, the trained models that really put the “intelligence” in AI — function as intended without malicious interference. Historical lessons from earlier technologies offer…

Gunter Ollmann
Blogs | INSIGHTS | May 28, 2024

5 Signs You’re Ready for a Red Team

We often talk about security as a continuum; a journey toward greater maturity and increased capability. Along that path, the practice of red team testing serves as an important milestone, not just for the benefits it offers, but also for what participating in red teaming says about the state of security — overall posture, culture, commitment to continuous improvement — in any organization. Red team tests remain one of the most effective ways to probe defenses and identify vulnerabilities. And unlike traditional penetration tests,

IOActive Red Team
Blogs | EDITORIAL, INSIGHTS | May 22, 2024

Transportation Electrification Cybersecurity Threatscape

World-Wide Electric Vehicle (EV) Charging Infrastructure Trends The global push to meet rising EV adoption with sufficient EV smart charger infrastructure is astoundingly challenging. Bloomberg estimates the global charging infrastructure market opportunity to be $1.9T between 2022 and 2050. That opportunity will be seized upon by a host of organizations large and small, public and private. From EV fleet depots to fast charging stations along highwaysparking garagessmart chargers for employees, and home chargers,…

Kevin Harnett
Blogs | INSIGHTS, RESEARCH | May 16, 2024

Field-Programmable Chips (FPGAs) in Critical Applications – What are the Risks?

What is an FPGA? Field-Programmable Gate Arrays (FPGAs) are a type of Integrated Circuit (IC) that can be programmed or reprogrammed after manufacturing. They consist of an array of logic blocks and interconnects that can be configured to perform various digital functions. FPGAs are commonly used in applications where flexibility, speed, and parallel processing capabilities are required, such as telecommunications, automotive, aerospace, and industrial sectors. FPGAs are often found in products that are low volume or demand short turnaround time because they can be purchased off the shelf and programmed…

Blogs | INSIGHTS, RESEARCH | May 15, 2024

Evolving Cyber Threatscape: What’s Ahead and How to Defend

The digital world is a dangerous place. And by all accounts, it’s not getting a whole lot better. Damages from cybercrime will top a staggering $8 trillion this year, up from an already troubling $1 trillion just five years ago and rocketing toward $14 trillion by 2028. Supply chains are becoming juicier targets, vulnerabilities are proliferating, and criminals with nation-state support are growing more active and more sophisticated. Ransomware, cryptojacking, cloud compromises, and AI-powered shenanigans are all on a hockey-stick growth trajectory. Looking ahead, there are few sure…

IOActive