Thought leaders in information security, we conduct radical, world-changing research and deliver renowned presentations around the world.
Blogs | INSIGHTS, RESEARCH | April 17, 2024

Accessory Authentication – part 2/3

This is Part 2 of a 3-Part series. You can find Part 1 here. Introduction In this post, we continue our deep dive comparison of the security processors used on a consumer product and an unlicensed clone. Our focus here will be comparing manufacturing process technology. We already know the sizes of both dies, so given the gate density (which can be roughly estimated from the technology node or measured directly by locating and measuring a 2-input NAND gate) it’s possible to get a rough estimate for gate count….

Andrew Zonenberg
Blogs | INSIGHTS, RESEARCH | April 17, 2024

Accessory Authentication – Part 1/3

Introduction Manufacturers of consumer electronics often use embedded security processors to authenticate peripherals, accessories, and consumables. Third parties wishing to build unlicensed products (clones) within such an ecosystem must defeat or bypass this security for their products to function correctly. In this series, the IOActive silicon lab team will take you on a deep dive into one such product, examining both the OEM product and the clone in detail. Fundamentally, the goal of a third party selling an unlicensed product is for the host system to recognize their product as…

Andrew Zonenberg
Disclosures | ADVISORIES | March 28, 2024

IOActive Security Advisory | KUNBUS Revolution Pi – Multiple Vulnerabilities

KUNBUS GmbH (KUNBUS) develops and offers products and solutions for industrial communication in automation, process, manufacturing and drive technology. This includes a comprehensive portfolio of real-time Ethernet and fieldbus-based protocol technology on state-of-the-art hardware platforms, as well as stacks suitable for the sensor level with IO-Link and IO-Link Wireless and the entry into wireless communication technology.

Get the Advisory
Ethan Shackelford
Blogs | EDITORIAL, RESEARCH | March 28, 2024

Hack the Sky: Adventures in Drone Security | Gabriel Gonzalez

Taking aim at the attack surface of these buzzy devices uncovers real-world risks In the grand theater of innovation, drones have their spot in the conversation near the top of a short list of real game changers, captivating multiple industries with their potential. From advanced military applications to futuristic automated delivery systems, from agricultural management to oil and gas exploration and beyond, drones appear to be here to stay. If so, it’s time we start thinking about the security of these complex pieces of airborne technology. The Imperative Around Drone…

Gabriel Gonzalez
Blogs | INSIGHTS | March 27, 2024

IOActive Presents at HARRIS 2024, a Unique Workshop for Chip Reverse Engineering | Tony Moor

The Hardware Reverse Engineering Workshop (HARRIS) is the first ever annual workshop devoted solely to chip reverse engineering, and 2024 was its second year. IOActive has been present both years, and this year I attended to see what all the fuss was about. Background The workshop is organized by the Embedded Security group of the Max Planck Institute for Security and Privacy (MPI-SP) together with Cyber Security in the Age of Large-Scale Adversaries (CASA) and

Tony Moor
Disclosures | ADVISORIES | March 21, 2024

IOActive Security Advisory | Movistar 4G Router – Multiple Vulnerabilities

IOActive found that the Android Debug Bridge (ADB) is listening on all interfaces and gives access to a shell with root privileges; a malicious actor with access to the same network that the router is providing access to will have full control of the device. A malicious actor can send a specific payload to the gui.cgi using the ping_traceroute_process functionality to execute arbitrary commands as the privileged root user. IOActive saw a general lack of protection against cross-site request forgery (CSRF) attacks. CVE-2024-2414, CVE-2024-2415, CVE-2024-2416

Get the Advisory
Gabriel Gonzalez
Disclosures | ADVISORIES | March 21, 2024

IOActive Security Advisory | Hikvision Camera Denial of Service

CVE-2023-28811. The Hikvision DS-7732NI-14(B) is a 32-channel Network Video Recorder (NVR). IOActive had the opportunity to assess the DS-7732NI-I4 and identified one high-risk vulnerability. This issue could be exploited to cause a denial of service (DoS) to the device.

Get the Advisory
Sergio Ruiz
Disclosures | ADVISORIES | March 5, 2024

IOActive Security Advisory | Socomec NET VISION – Multiple Vulnerabilities

IOActive Security Advisory/Disclosure document (CVE TBA) by Daniel Martinez, IOActive Senior Security Consultant, of the multiple vulnerabilities discovered in the Socomec NET VISION devices. Socomec, Inc. (Socomec) is an electrical equipment design and manufacturing company, specializing in low-voltage energy performance in terms of safety, service continuity, quality and energy efficiency. NET VISION is a professional network adapter for monitoring and controlling UPS units from a remote location. It allows direct connection of a UPS to the IPv4 or IPv6 Ethernet network, thereby enabling remote management of the UPS using a…

Daniel Martinez
Disclosures | ADVISORIES | March 5, 2024

IOActive Security Advisory | Lamassu Douro Bitcoin ATM – Multiple Vulnerabilities

Supporting security advisory/disclosure document (CVE-2024-0175, CVE-2024-0176 and CVE-2024-0177) supporting the Lamassu Douro Bitcoin ATM research by Gabriel Gonzalez, IOActive Director of Hardware Security. IOActive had access to few of these machines, specifically to Lamassu’s Douro ATM. This provided the team with the opportunity to assess the security of these devices – more specifically, to attempt to gain full control over them – assuming the role of an attacker with the same physical access to the device that a regular customer might have.

Gabriel Gonzalez

Blogs | EDITORIAL | March 1, 2024

Opinion: AGI Influencing the Secure Code Review Profession

It’s tough to be a secure code reviewer. There are already over 700 programming languages according to Wikipedia, and seemingly more languages materializing every year. Expectations are high that rapid developments in Artificial Generative Intelligence (AGI) will bring a new suite of languages and security issues that’ll have an oversized impact on software development. Consequently, secure software development lifecycle (SDL) processes and security code review are having to evolve rapidly. I’m both excited and nervous about AGI advancements in the world of software development and secure…

Gunter Ollmann

Commonalities in Vehicle Vulnerabilities

2022 Decade Examination Update | With the connected car now commonplace in the market, automotive cybersecurity has become the vanguard of importance as it relates to road user safety. IOActive has amassed over a decade of real-world vulnerability data illustrating the issues and potential solutions to cybersecurity threats today’s vehicles face.

This analysis is a major update and follow-up to the vehicle vulnerabilities report originally published in 2016 and updated in 2018. The goal of this 2022 update is to deliver current data and discuss how the state of automotive cybersecurity has progressed over the course of 10 years, making note of overall trends and their causes.