GE Grid Solutions Reason RT430 GNSS Precision-Time Clock Multiple Vulnerabilities
GE Grid Solutions’ Reason RT430 GNSS Precision-Time Clock is referenced to GPS and GLONASS satellites. Offering a complete solution, these clocks are the universal precision time synchronization units, with an extensive number of outputs which supports many timing protocols. including the DST rules frequently used on power systems applications. In accordance with IEEE 1588 Precision Time Protocol (PTP), the RT430 is capable of providing multiple IEDs synchronization with better than 100ns time accuracy over Ethernet networks. Despite being likely to never lose time synchronization from satellites, the RT430 GNSS features…
A Reverse Engineer’s Perspective on the Boeing 787 ‘51 days’ Airworthiness Directive
Several weeks ago, international regulators announced that they were ordering Boeing 787 operators to completely shut down the plane’s electrical power whenever it had been running for 51 days without interruption.1 The FAA published an airworthiness directive elaborating on the issue, and I was curious to see what kind of details were in this document. While I eventually discovered that there wasn’t much information in the FAA directive, there was just enough to put me on track to search for the root cause of the issue. This blog post will…
Hacking and Securing LoRaWAN Networks
LoRaWAN is becoming the most popular low-power wide-area network (LPWAN) open standard protocol used around the world for Smart Cities, IIoT, Smart Building, etc. LoRaWAN protocol has “built-in encryption” making it “secure by default.” This results in many users blindly trusting LoRaWAN networks without being diligent in assessing security concerns; the implementation issues and weaknesses can make the networks vulnerable to hacking. Currently, much of the cybersecurity problems of LoRaWAN networks, are not well known. Also, there are no available tools for LoRaWAN network security testing/auditing and attack detection, which…
IOActive Services Overview
Security services for your business, situation, and risks. With our breadth and depth of services offerings across more environments than any other firm today, we can deliver specific, high-value recommendations based on your business, unique situation, and the risk you face.
Mismatch? CVSS, Vulnerability Management, and Organizational Risk
I’ll never forget a meeting I attended where a security engineer demanded IT remediate each of the 30,000 vulnerabilities he had discovered. I know that he wasn’t just dumping an unvetted pile of vulnerabilities on IT; he’d done his best to weed out false-positive results, other errors, and misses before presenting the findings. These were real issues, ranked using the Common Vulnerability Scoring System (CVSS). There can be no doubt that in that huge (and overwhelming) pile were some serious threats to the organization and its digital assets. The reaction…
Using Red Team and Purple Team Services to Strengthen Enterprise Security
Red team exercises provide organizations a real-world perspective on the efficacy of their security operations and incident response capabilities. The ability to identify a security incident quickly and respond efficiently is critical to protecting the information and assets most important to your company’s bottom line. In this webinar, John Sawyer, Director of Services at IOActive, will discuss the collaborative benefits of red and purple teams and how it enhances the ability for enterprise blue teams to fully understand the visibility into each stage of a targeted attack from beginning to…
10 Laws of Disclosure
In my 20+ years working in cyber security, I’ve reported more than 1000 vulnerabilities to a wide variety of companies, most found by our team at IOActive as well as some found by me. In reporting these vulnerabilities to many different vendors, the response (or lack thereof) I got is also very different, depending on vendor security maturity. When I think that I have seen everything related to vulnerability disclosures, I’ll have new experiences – usually bad ones – but in general, I keep seeing the same problems over and…
GE Reason S20 Industrial Managed Ethernet Switch Multiple Vulnerabilities
The S20 Ethernet Switch is a device manufactured by GE Grid Solution which is deployed in industrial environments. This device is part of ICS/SCADA architectures. Stored XSS flaws can result in a large number of possible exploitation scenarios. With most XSS flaws, the entirety of the JavaScript language is available to the malicious user.
pppd Vulnerable to Buffer Overflow Due to a Flaw in EAP Packet Processing (CVE-2020-8597)
Due to a flaw in the Extensible Authentication Protocol (EAP) packet processing in the Point-to-Point Protocol Daemon (pppd), an unauthenticated remote attacker may be able to cause a stack buffer overflow, which may allow arbitrary code execution on the target system. This vulnerability is due to an error in validating the size of the input before copying the supplied data into memory. As the validation of the data size is incorrect, arbitrary data can be copied into memory and cause memory corruption possibly leading to the execution of unwanted code.
Do You Blindly Trust LoRaWAN Networks for IoT?
Do you blindly trust that your IoT devices are being secured by the encryption methods employed by LoRaWAN? If so, you’re not alone. Long Range Wide Area Networking (LoRaWAN) is a protocol designed to allow low-power devices to communicate with Internet-connected applications over long-range wireless connections. It’s being adopted by major organizations across the world because of its promising capabilities. For example, a single gateway (antenna) can cover an entire city, hundreds of square miles. With more than 100 million LoRaWAN-connected devices in use across the globe, many cellular carriers…