by Brad Dixon | Sep 20, 2017 | IOT, Techniques
A very typical security assessment and penetration test for Carve involves a device, multiple RF communications interfaces (cellular, WiFi, Bluetooth, ZigBee, some mutant 802.15.4 based stack, etc.) and one or more back-end services. Getting access to all of these...
by Brad Dixon | Dec 2, 2016 | Techniques
If you own a consumer-grade network router then you have likely used a web browser to configure the router and set up your network. For commercial and industrial applications networking devices typically implement a command-line interface, more commonly just called a...
by Brad Dixon | Aug 6, 2016 | Exploits, IOT, Labs, Techniques
One of the most critical issues that we look for when we assess an embedded/IoT device is secrets that are shared across the device population. Usually, finding these secrets involves gaining full access to our own device in order to find out how other devices may be...
by Brad Dixon | Oct 30, 2015 | IOT, Techniques
IPSEC is often the go-to security measure for IoT devices that must connect back to their home-base for logging, software upgrades, or other communication needs. When doing an initial security survey of a device you’ll want access to those tunnels to get a peek...