Bold Statements
This blog post is the continuation of our parcel research. We already reported about how we broke parcel tracking at DHL and the disclosure process of the identified problems. As DHL is not the only parcel service in Germany, we also investigated the other available parcel services. In this blog post, we want to talk about DPD, also called Geopost, which belongs to the French Post Office.
Continue reading “Breaking DPD Parcel Tracking”
Continue readingThe Federal Office for Information Security (BSI) aims to sensitize manufacturers and the public regarding security risks of networked medical devices in Germany. In response to the often fatal security reports and press releases of networked medical devices, the BSI initiated the project Manipulation of Medical Devices (ManiMed) in 2019. In this project, a security analysis of selected products is carried out through security assessments followed by Coordinated Vulnerability Diclosure (CVD) processes. The project report was published on December 31, 2020, and can be accessed on the BSI website [1].
Continue reading “ManiMed: Ypsomed AG – mylife YpsoPump System Vulnerabilities”
Continue readingThe Federal Office for Information Security (BSI) aims to sensitize manufacturers and the public regarding security risks of networked medical devices in Germany. In response to the often fatal security reports and press releases of networked medical devices, the BSI initiated the project Manipulation of Medical Devices (ManiMed) in 2019. In this project, a security analysis of selected products is carried out through security assessments followed by Coordinated Vulnerability Diclosure (CVD) processes. The project report was published on December 31, 2020, and can be accessed on the BSI website [1].
Continue reading “ManiMed: Hamilton Medical AG – HAMILTON-T1 Ventilator Vulnerabilities”
Continue readingThe Federal Office for Information Security (BSI) aims to sensitize manufacturers and the public regarding security risks of networked medical devices in Germany. In response to the often fatal security reports and press releases of networked medical devices, the BSI initiated the project Manipulation of Medical Devices (ManiMed) in 2019. In this project, a security analysis of selected products is carried out through security assessments followed by Coordinated Vulnerability Diclosure (CVD) processes. The project report was published on December 31, 2020, and can be accessed on the BSI website [1].
Continue reading “ManiMed: B. Braun Melsungen AG – Space System Vulnerabilities”
Continue readingThe Federal Office for Information Security (BSI) aims to sensitize manufacturers and the public regarding security risks of networked medical devices in Germany. In response to the often fatal security reports and press releases of networked medical devices, the BSI initiated the project Manipulation of Medical Devices (ManiMed) in 2019. In this project, a security analysis of selected products is carried out through security assessments followed by Coordinated Vulnerability Diclosure (CVD) processes. The project report was published on December 31, 2020, and can be accessed on the BSI website [1].
Continue reading “ManiMed: Innokas Yhtymä Oy – VC150 Patient Monitor Vulnerabilities”
Continue readingThe Federal Office for Information Security (BSI) aims to sensitize manufacturers and the public regarding security risks of networked medical devices in Germany. In response to the often fatal security reports and press releases of networked medical devices, the BSI initiated the project Manipulation of Medical Devices (ManiMed) in 2019. In this project, a security analysis of selected products is carried out through security assessments followed by Coordinated Vulnerability Diclosure (CVD) processes. The project report was published on December 31, 2020, and can be accessed on the BSI website [1].
Continue readingIn the last blog post, we discussed how fuzzers determine the uniqueness of a crash. In this blog post, we discuss how we can manually triage a crash and determine the root cause. As an example, we use a heap-based buffer overflow I found in GNU readline 8.1 rc2, which has been fixed in the newest release. We use GDB and rr for time-travel debugging to determine the root cause of the bug.
Continue reading “Root Cause Analysis of a Heap-Based Buffer Overflow in GNU Readline”
Continue readingNSX-T is a Software-Defined-Networking (SDN) solution of VMware which, as its basic functionality, supports spanning logical networks across VMs on distributed ESXi and KVM hypervisors. The central controller of the SDN is the NSX-T Manager Cluster which is responsible for deploying the network configurations to the hypervisor hosts.
This summer, I looked into the mechanism which is used to add new KVM hypervisor nodes to the SDN via the NSX-T Manager. By tracing what happens on the KVM host, I discovered that the KVM hypervisor got instructed to download the NSX-T software packages from the NSX-T Manager via unencrypted HTTP and install them without any verification. This enables a Man-in-the-Middle (MITM) attacker on the network path to replace the downloaded packages with malicious ones and compromise the KVM hosts.
After disclosing this issue to VMware, they developed fixes and published the vulnerability in VMSA-2020-0023 assigning a CVSSv3 base score of 7.5.
Continue reading “VMware NSX-T MITM Vulnerability (CVE-2020-3993)”
Continue readingRecently I discovered some vulnerabilities in GNU Readline. These bugs have been fixed in GNU Readline version 8.1.
Continue reading “Vulnerabilities in GNU Readline Fixed”
Continue readingWith this blog post I am pleased to announce the publication of a new ERNW White Paper [1]. The paper is about severe vulnerabilities in an insulin pump we assessed during project ManiMed and we are proud to publish this subset of the results today.
Continue reading “ERNW White Paper 69 – Safety Impact of Vulnerabilities in Insulin Pumps”
Continue reading