11 January, 2018

SCADA And Mobile Security In The Internet Of Things Era

Two years ago, the authors assessed 20 mobile applications that worked with ICS software and hardware. At that time, mobile technologies were widespread, but IoT mania was only beginning. In that paper, the authors stated, “convenience often wins over security. Nowadays, you can monitor (or even control!) your ICS from a brand-new Android [device].”

Today, the idea of putting logging, monitoring, and even supervisory/control functions in the cloud is not so farfetched. The purpose of this paper is to discuss how the landscape has evolved over the past two years and assess the security posture of SCADA systems and mobile applications in this new IoT era.

14 November, 2017

Skeleton in the closet. MS Office vulnerability you didn’t know about

Introduction What is the beginning of a typical research? Any research begins with detecting vulnerabilities with common tools. Although the process does not require much time and effort, it works well.Detection procedure is focused on vulnerabilities in third-party libraries used in outdated software and widely known to the IT community. A developer creates different versions […]
10 November, 2017

How To Cook Cisco

Introduction This white paper is intended to reveal intricacies of Cisco vulnerabilities exploitation. All the information presented in this research is based on our experience and updates other researchers’ experience and knowledge. The very process of exploiting Cisco vulnerabilities depends heavily on a specific vulnerability and a gadget. We encourage you to think of the […]
24 October, 2017

UEFI BIOS holes. So Much Magic. Don’t Come Inside.

Introduction In recent years, embedded software security has become a red-hot topic, attracting the attention of high profile security researchers from all around the globe. However, the quality of code is still far from perfect as long as its security is considered. For instance, the CVE-2017-5721 SMM Privilege Elevation vulnerability in the firmware could affect […]
12 October, 2017

Hack ATM with an anti-hacking feature and walk away with $1M in 2 minutes

Introduction The Embedi team focuses not only on the security of embedded/smart devices and firmware for computers but also on critical devices, such as ATMs. ATMs consist of various devices with their own firmware. Application Control solutions fall into the type of software that appeals to our interests the most. These are now widely available […]
5 October, 2017

Bypassing Intel Boot Guard

In recent years, there is an increasing attention to the UEFI BIOS security. As a result, there are more advanced technologies created to protect UEFI BIOS from illegal modifications. One of such technologies is Intel Boot Guard (BG) – a hardware-assisted BIOS integrity verification mechanism available since Haswell microarchitecture (2013). So-called «UEFI rootkits killer» this […]