10 July, 2018

Dangerous Reality Inside of VR headset: HTC Vive

Introduction The subject of VR has become a modern trend bringing the neon visions of the masters of cyberpunk stories and novels closer to reality. So, it comes as no surprise that it has been lost only on very few. With years, VR headsets grew far more affordable than they had been at the start
30 May, 2018

Life path embedded bugs from 0- to 1-days

“As Gregor Samsa awoke one morning from uneasy dreams he found himself transformed in his bed into a gigantic insect.” Franz Kafka, The Metamorphosis. The IoT world enjoys tremendous growth with new devices being released to the market every day. Unfortunately, cybercriminals forge ahead as well since the number of attacks on IoT devices is
1 May, 2018

Who’s Watching the Watchers (Vol. II): Norton Core Secure WiFi Router

Recently, the articles on hacking IoT devices and their poor security are whirling over the media. In conjunction with that, Trustwave has published its report. There, it is stated that the number of those enterprises that use IoT devices is growing, and, consequently, so does the likelihood of stumbling across security issues a device may
24 April, 2018

First glance on OS VRP by Huawei

Up to now, a lot of research articles about Cisco and Juniper hardware and software has been published, but there is almost nothing on Huawei. In 2012, Felix ‘FX’ Lindner presented his research “Hacking Huawei VRP,” where he described internals of command subsystem and memory management of Versatile Routing Platform – Huawei’s own network operating
11 April, 2018

Reflecting upon OWASP TOP-10 IoT Vulnerabilities

It’s no secret the implementation of security mechanisms and services in embedded devices is far from perfect. Known categories of vulnerabilities of smart devices are well described in Top IoT Vulnerabilities. To prove the relevance of this list, we’ve provided examples of vulnerable devices for each type. We hope, it’ll demonstrate the full scale of
29 March, 2018

Cisco Smart Install Remote Code Execution

Introduction Application: Cisco IOS, Cisco IOS-XE Vendor: Cisco Bugs: Stack-based buffer overflow [CWE-20], [CWE-121] Risk: Critical; AV:N/AC:L/Au:N/C:C/I:C/A:C (10.0) A stack-based buffer overflow vulnerability was found in Smart Install Client code. This vulnerability enables an attacker to remotely execute arbitrary code without authentication. So it allows getting full control over a vulnerable network equipment. Smart Install