pin2pwn: How to Root an Embedded Linux Box with a Sewing Needle
Sat, 06 Aug 2016

One of the most critical issues that we look for when we assess an embedded/IoT device is secrets that are shared across the device population. Usually, finding these secrets involves gaining full access to our own device in order to find out how other devices may be affected. For example, an LTE router may have a service account hard-coded into its firmware to allow for remote support. If we can recover the account credentials and method of access, we can "service" any device that is accessible to us. This post is about one of the methods we use to ...

IoT Hacking: Peeking in IPSEC tunnels with Wireshark
Fri, 30 Oct 2015

IPSEC locked the door? Use xt_TEE to inspect IPSEC traffic before encryption.