Drone Security and Fault Injection Attacks | Gabriel Gonzalez | IOActive Labs Blog
I recently published the full technical details to the research in this IOActive whitepaper. The use of Unmanned Aerial Vehicles (UAVs), commonly referred to as drones, continues to grow. Drones implement varying levels of security, with more advanced modules being resistant to typical embedded device attacks. IOActive’s interest is in developing one or more viable Fault Injection attacks against hardened UAVs. IOActive has been researching the possibility of achieving code execution on a commercially available drone with significant security features using non-invasive techniques, such as electromagnetic (EM)…
Drone Security and Fault Injection Attacks | Gabriel Gonzalez
Gabriel Gonzalez, IOActive Director of Hardware Security presents full technical detail of his research into drone security and side-channel/fault injection attacks in this whitepaper. The use of Unmanned Aerial Vehicles (UAVs), commonly referred to as drones, continues to grow. Drones implement varying levels of security, with more advanced modules being resistant to typical embedded device attacks. IOActive’s interest is in developing one or more viable Fault Injection attacks against hardened UAVs. This paper covers IOActive’s work in setting up a platform for launching side-channel and fault injection attacks using a…
Adventures in the Platform Security Coordinated Disclosure Circus
IOActive research members continue the work on UEFI security and coordinated disclosure challenges. Platform security is one of the specialized service lines IOActive offers and we have worked with many vendors across the industry. In a previous blog, IOActive research conducted research on various targets while developing tooling that we believe will help the industry make platform security improvements focused on AMD systems. In that blog we disclosed a number of security issues to ASUS and AMI in an SMM module called SecSMIFlash. This module garnered…
Interdependencies – Handshakes Between Critical Infrastructures | Ernie Hayden
As of this writing, the United States was recently threatened by a major railroad union strike. The railroads are a major element of the country’s critical infrastructure. Their shutdown could lead to multiple, cascading impacts on the delivery of goods and services, not only in the US but also in Canada and Mexico. Shipping lines could also be impacted by a railroad strike, since they will not be able to receive or offload containers and cargo to and from rail cars. Per a CNN article, a…
Exploring the security configuration of AMD platforms
TLDR: We present a new tool for evaluating the security of AMD-based platforms and rediscover a long-forgotten vulnerability class that allowed us to fully compromise SMM in the Acer Swift 3 laptop (see Acer’s advisory). Introduction In the last decade, a lot of interesting research has been published around UEFI and System Management Mode (SMM) security. To provide a bit of background, SMM is the most privileged CPU mode on x86-based systems; it is sometimes referred to as ring -2 as it is more privileged than the…
Remote Writing Trailer Air Brakes with RF | Ben Gardiner, NMFTA
Over the course of a few years and a pandemic, we (AIS and NMFTA) tested several tractor-trailers for the security properties of the trailer databus, J2497 aka PLC4TRUCKS. What we discovered was that 1) this traffic could be read remotely with SDRs and active antennas but, more importantly, 2) that valid J2497 traffic could be induced on the trailer databus using SDRs, power amplifiers and simple antennas. In this blog post we will introduce you to some concepts and the discoveries overall – for the full technical details please get…
NFC Relay Attack on Tesla Model Y
Josep Pi Rodriguez, Principal Security Consultant, walks you through the proof-of-concept and technical details of exploitation for the NFC relay attack research on the newest Tesla vehicle, the Model Y. To successfully carry out the attack, IOActive reverse-engineered the NFC protocol Tesla uses between the NFC card and the vehicle, and we then created custom firmware modifications that allowed a Proxmark RDV4.0 device to relay NFC communications over Bluetooth/Wi-Fi using the Proxmark’s BlueShark module. It is known in the vehicle security industry that NFC relay attacks (as well as Radio…
NFC Relay Attack on Tesla Model Y
Josep Pi Rodriguez, Principal Security Consultant, walks you through the proof-of-concept and technical details of exploitation for IOActive’s recent NFC relay attack research on the newest Tesla vehicle, the Model Y. To successfully carry out the attack, IOActive reverse-engineered the NFC protocol Tesla uses between the NFC card and the vehicle, and we then created custom firmware modifications that allowed a Proxmark RDV4.0 device to relay NFC communications over Bluetooth/Wi -Fi using the Proxmark’s BlueShark module. It’s well-known in the vehicle security industry that NFC relay attacks (as well as…
Vulnerability and Patch Management: Every Day is a Zero Day
SC Media on-demand presentation | John Sheehy, SVP of Research and Strategy, participated as a panelist on the CyberRisk Alliance’s eSummit live broadcast.Patch management can be an especially precarious proposition when you’re operating in a work environment where machines and devices must constantly remain operational. Hospitals, factories and power plants are among the many examples of settings where security professionals need to “keep the lights on,” even as they strive to ensure that software and hardware are hardened against the latest vulnerabilities and exploits. The discussion focused on the…
The Battle of Good versus Evil: Regulations and Cybersecurity | Urban Jonson
We all recognize the importance of the DRS Organization Policy within a GCP Org, now we’d like to discuss Cross-Domain Sharing, or XDS as we are calling it. Do you know where your organization’s identities are being used externally? If not, we want to share details on the risks and how SADA can help assess your GCP org.