30 May, 2018

Life path embedded bugs from 0- to 1-days

“As Gregor Samsa awoke one morning from uneasy dreams he found himself transformed in his bed into a gigantic insect.” Franz Kafka, The Metamorphosis. The IoT world enjoys tremendous growth with new devices being released to the market every day. Unfortunately, cybercriminals forge ahead as well since the number of attacks on IoT devices is
1 May, 2018

Who’s Watching the Watchers (Vol. II): Norton Core Secure WiFi Router

Recently, the articles on hacking IoT devices and their poor security are whirling over the media. In conjunction with that, Trustwave has published its report. There, it is stated that the number of those enterprises that use IoT devices is growing, and, consequently, so does the likelihood of stumbling across security issues a device may
11 April, 2018

Reflecting upon OWASP TOP-10 IoT Vulnerabilities

It’s no secret the implementation of security mechanisms and services in embedded devices is far from perfect. Known categories of vulnerabilities of smart devices are well described in Top IoT Vulnerabilities. To prove the relevance of this list, we’ve provided examples of vulnerable devices for each type. We hope, it’ll demonstrate the full scale of
29 March, 2018

Cisco Smart Install Remote Code Execution

Introduction Application: Cisco IOS, Cisco IOS-XE Vendor: Cisco Bugs: Stack-based buffer overflow [CWE-20], [CWE-121] Risk: Critical; AV:N/AC:L/Au:N/C:C/I:C/A:C (10.0) A stack-based buffer overflow vulnerability was found in Smart Install Client code. This vulnerability enables an attacker to remotely execute arbitrary code without authentication. So it allows getting full control over a vulnerable network equipment. Smart Install
7 March, 2018

DJI Spark hijacking

It is no pleasant experience at all for anyone to get the valuable property bought with the money you have earned with your blood, sweat, and tears stolen by some unknown cybercriminal. The Internet of Things (IoT) is developing with the rapid pace, and the devices that can be controlled remotely have become an indispensable
11 January, 2018

SCADA And Mobile Security In The Internet Of Things Era

Two years ago, the authors assessed 20 mobile applications that worked with ICS software and hardware. At that time, mobile technologies were widespread, but IoT mania was only beginning. In that paper, the authors stated, “convenience often wins over security. Nowadays, you can monitor (or even control!) your ICS from a brand-new Android [device].”

Today, the idea of putting logging, monitoring, and even supervisory/control functions in the cloud is not so farfetched. The purpose of this paper is to discuss how the landscape has evolved over the past two years and assess the security posture of SCADA systems and mobile applications in this new IoT era.