Always Updated Awards 2024 Blog
We are excited to announce that IOActive received multiple prestigious award wins this year! Keep this blog bookmarked to always stay up-to-date on the company’s accomplishments throughout 2024. Last updated September 30, 2024. IOActive was honored for its ability to maximize security investments and enhance clients’ overall security posture and business resilience. Unlike many organizations that default to defensive strategies, we at IOActive go beyond standard penetration testing to provide clients with red and purple team services that exceed typical assessments. We prioritize a comprehensive understanding of cyber adversaries through…
Untested Is Untrusted: Penetration Tests and Red Teaming Key to Mature Security Strategy
Organizations need to know how well their defenses can withstand a targeted attack. Red team exercises and penetration tests fit the bill, but which is right for your organization? Information security at even well-defended enterprises is often a complex mesh of controls, policies, people, and point solutions dispersed across critical systems both inside and outside the corporate perimeter. Managing that murky situation can be challenging for security teams, many of whom are understaffed and forced to simply check as many of the boxes as they can on the organization’s framework…
Bits to Binary to Bootloader to Glitch: Exploiting ROM for Non-invasive Attacks
In this paper, we explore how ROM can be leveraged to perform a non-invasive attack (i.e., voltage glitching) by a relatively unsophisticated actor without a six-figure budget. We begin by explaining what ROM is, why it is used, and how it can be extracted. What exactly is ROM? Put simply, Read-Only Memory (ROM) is a type of Non-Volatile Memory (NVM) that is constructed as physical structures within chips. The structures are patterned as ones and zeroes on one, and only one, of several layers of the chip. Why just…
Lessons Learned and S.A.F.E. Facts Shared During Lisbon’s OCP Regional Summit
I don’t recall precisely what year the change happened, but at some point, the public cloud became critical infrastructure with corresponding high national security stakes. That reality brought rapid maturity and accompanying regulatory controls for securing and protecting the infrastructure and services of cloud service providers (CSPs). Next week at the 2024 OCP Regional Summit in Lisbon, teams will be sharing new security success stories and diving deeper into the technical elements and latest learnings in securing current generation cloud infrastructure devices. IOActive will be present throughout the event,…
Accessory Authentication – part 3/3
This is Part 3 of a 3-Part series. You can find Part 1 here and Part 2 here. Introduction In this post, we continue our deep dive comparison of the security processors used on a consumer product and an unlicensed clone. Our focus here will be identifying and characterizing memory arrays. Given a suitably deprocessed sample, memories can often be recognized as such under low magnification because of their smooth, regular appearance with distinct row/address decode logic on the perimeter, as compared to analog circuitry (which contains many…
Accessory Authentication – part 2/3
This is Part 2 of a 3-Part series. You can find Part 1 here and Part 3 here. Introduction In this post, we continue our deep dive comparison of the security processors used on a consumer product and an unlicensed clone. Our focus here will be comparing manufacturing process technology. We already know the sizes of both dies, so given the gate density (which can be roughly estimated from the technology node or measured directly by locating and measuring a 2-input NAND…
Accessory Authentication – Part 1/3
This is Part 1 of a 3-Part series. You can find Part 2 here and Part 3 here. Introduction Manufacturers of consumer electronics often use embedded security processors to authenticate peripherals, accessories, and consumables. Third parties wishing to build unlicensed products (clones) within such an ecosystem must defeat or bypass this security for their products to function correctly. In this series, the IOActive silicon lab team will take you on a deep dive into one such product, examining both the OEM product and the clone…
IOActive Security Advisory | KUNBUS Revolution Pi – Multiple Vulnerabilities
KUNBUS GmbH (KUNBUS) develops and offers products and solutions for industrial communication in automation, process, manufacturing and drive technology. This includes a comprehensive portfolio of real-time Ethernet and fieldbus-based protocol technology on state-of-the-art hardware platforms, as well as stacks suitable for the sensor level with IO-Link and IO-Link Wireless and the entry into wireless communication technology.
Hack the Sky: Adventures in Drone Security | Gabriel Gonzalez
Taking aim at the attack surface of these buzzy devices uncovers real-world risks. In the grand theater of innovation, drones have their spot in the conversation near the top of a short list of real game changers, captivating multiple industries with their potential. From advanced military applications to futuristic automated delivery systems, from agricultural management to oil and gas exploration and beyond, drones appear to be here to stay. If so, it’s time we start thinking about the security of these complex pieces of airborne technology. The Imperative Around Drone…
IOActive Presents at HARRIS 2024, a Unique Workshop for Chip Reverse Engineering | Tony Moor
The Hardware Reverse Engineering Workshop (HARRIS) is the first ever annual workshop devoted solely to chip reverse engineering, and 2024 was its second year. IOActive has been present both years, and this year I attended to see what all the fuss was about. Background The workshop is organized by the Embedded Security group of the Max Planck Institute for Security and Privacy (MPI-SP) together with Cyber Security in the Age of Large-Scale Adversaries (CASA) and