by Danny Rosseau | Jan 13, 2020 | Exploits, IOT, Labs
Back when I first read about this thing called “hacking” I thought I’d be spending all my days overflowing NSA buffers with plagiarized shell code and going by some cool hacker name like “1337BadGeR”. Sadly for me, upon entering the actual world, I had to get back in...
by Danny Rosseau | Aug 22, 2019 | Android, Exploits, IOT, Labs, Mobile, Techniques
When this Project Zero report came out I started thinking more about USB as an interesting attack surface for IoT devices. Many of these devices allow users to plug in a USB and then perform some actions with that USB automatically, and that automatic functionality...
by Ángel Suárez-Bárcena Martín | Jul 26, 2018 | IOT, Labs, Techniques, Tools
In this series of blogposts we will cover advanced, security focused, aspects of the ESP8266 /ESP32 SoCs such as sniffing and injecting 802.11 and bluetooth packets, building proof-of-concept network implant devices, etc. The ESP8266 is a low-cost Wi-Fi capable...
by Brad Dixon | Apr 3, 2018 | IOT, Threat Modelling
I spent time in January improving my understanding of Global Navigation Satellite System (GNSS) technology and working on lab techniques to test GNSS dependency during security assessments. GNSS is a broader term referring to all satellite positioning systems such as...
by Brad Dixon | Sep 20, 2017 | IOT, Techniques
A very typical security assessment and penetration test for Carve involves a device, multiple RF communications interfaces (cellular, WiFi, Bluetooth, ZigBee, some mutant 802.15.4 based stack, etc.) and one or more back-end services. Getting access to all of these...
by Brad Dixon | Aug 6, 2016 | Exploits, IOT, Labs, Techniques
One of the most critical issues that we look for when we assess an embedded/IoT device is secrets that are shared across the device population. Usually, finding these secrets involves gaining full access to our own device in order to find out how other devices may be...
