Hacking Wireless Ghosts Vulnerable For Years
Is the risk associated to a Remote Code Execution vulnerability in an industrial plant the same when it affects the human life? When calculating risk, certain variables and metrics are combined into equations that are rendered as static numbers, so that risk remediation efforts can be prioritized. But such calculations sometimes ignore the environmental metrics and rely exclusively on exploitability and impact. The practice of scoring vulnerabilities without auditing the potential for collateral damage could underestimate a cyber attack that affects human safety in an industrial plant and leads to…
An Emerging US (and World) Threat: Cities Wide Open to Cyber Attacks
Cities around the world are becoming increasingly smart, which creates huge attack surfaces for potential cyber attacks. In this paper, IOActive Labs CTO Cesar Cerrudo provides an overview of current cyber security problems affecting cities as well real threats and possible cyber attacks that could have a huge impact on cities. Cities must take defensive steps now, and Cesar offers recommendations to help them get started.
Vulnerability disclosure the good and the ugly
I can’t believe I continue to write about disclosure problems. More than a decade ago, I started disclosing vulnerabilities to vendors and working with them to develop fixes. Since then, I have reported hundreds of vulnerabilities. I often think I have seen everything, and yet, I continue to be surprised over and over again. I wrote a related blog post a year and a half ago (Vulnerability bureaucracy: Unchanged after 12 years), and I will continue to write about disclosure problems until it’s no longer needed. Everything is…
CyberLock CyberKey-based Access Control Solutions
CyberLock CyberKey-based access control solutions can be easily cloned, and new keys can be created from lost cylinders and keys regardless of the permissions granted to the key.
Lenovo System Update Multiple Privilege Escalations
CVE-2015-2219 Local, least-privileged users can run commands as the SYSTEM user. CVE-2015-2233 Local and potentially remote attackers can bypass signature validation checks and replace trusted Lenovo applications with malicious applications. CVE-2015-2234 Local, unprivileged users can run commands as an administrative user.
Petcube Remote Wireless Pet Camera Vulnerabilities
The security and privacy of Petcube users could be compromised through unauthorized access.
Lawsuit counterproductive for automotive industry
It came to my attention that there is a lawsuit attempting to seek damages against automakers revolving around their cars being hackable. The lawsuit cites Dr. Charlie Miller’s and my work several times, along with several other researchers who have been involved in automotive security research. I’d like to be the first to say that I think this lawsuit is unfortunate and subverts the spirit of our research. Charlie and I approached our work with the end goals of determining if technologically advanced cars could be controlled with CAN messages…
Life in the Fast Lane
Hi Internet Friends, Chris Valasek here. You may remember me from educational films such as “Two Minus Three Equals Negative Fun”. If you have not heard, IOActive officially launched our Vehicle Security Service offering. I’ve received several questions about the service and plan to answer them and many more during a webinar I am hosting on February 5, 2015 at 11 AM EST. Some of the main talking points include: Why dedicate an entire service offering to vehicles and transportation? A brief history of vehicle security research and why…
X Font Service Protocol Handling Issues in libXfont Library
Ilja van Sprundel, an IOActive security researcher, discovered several issues in the way the libXfont library handles the responses it receives from XFS servers. Mr. van Sprundel has worked with X.Org’s security team to analyze, confirm, and fix these issues. Most of these issues stem from libXfont trusting the font server to send valid protocol data and not verifying that the values will not overflow or cause other damage. This code is commonly called from the X server when an X Font Server is active in the font path, so…
Die Laughing from a Billion Laughs
Recursion is the process of repeating items in a self-similar way, and that’s what the XML Entity Expansion (XEE)[1] is about: a small string is referenced a huge number of times. Technology standards sometimes include features that affect the security of applications. Amit Klein found in 2002 that XML entities could be used to make parsers consume an unlimited amount of resources and then crash, which is called a billion laughs attack. When the XML parser tries to resolve, the external entities that are included cause the application to start…