After a couple of years in pentesting Telco Networks, I’d like to give you some insight into our pentesting methodology and setup we are using for testing “Mobile and Telecommunication Devices”. I am not talking about pentesting professional providers’ equipment (as in previous blogposts), it is about pentesting of devices that have a modem in place like a lot of IoT devices (you know about the fridge having a GSM Modem, right?) do.
Continue reading “Some Notes on Utilizing Telco Networks for Penetration Tests”
Tag: IoT
Discover the Unknown: Analyzing an IoT Device
This blog post will give a brief overview about how a simple IoT device can be assessed. It will show a basic methodology, what tools can be used for different tasks and how to solve problems that may arise during analyses. It is aimed at readers that are interested in how such a device can be assessed, those with general interest in reverse engineering or the ones who just want to see how to technically approach an unknown device.
This post will most likely not cover any vulnerabilities per se. However, it outlines weaknesses which affect a wide range of IoT devices so various aspects are applicable to other devices and scenarios.
Continue reading “Discover the Unknown: Analyzing an IoT Device”
Continue readingThe road to secure Smart Cars: ENISA approach
At TROOPERS16, Dr. Cédric LÉVY-BENCHETON an expert in cyber security at ENISA, the European Union Agency for Network and Information Security. Dr. Cédric LÉVY-BENCHETON holds a presentation about cyber security of IoT (Internet of Things) and smart cars he presents the current threats in IoT and Smart cars. ENISA is an agency of the European Union. ENISA assists the Commission, the Member States and, the business community in meeting the requirements of network and information security. Continue reading “The road to secure Smart Cars: ENISA approach”
Continue readingHow easy to grow robust botnet with low hanging fruits (IoT) – for free
Attila Marosi works as a Senior Threat Research at Sophos Labs in Hungary. His talk focused on vulnerable IoT devices that are exposed to the internet. His approach was to look for vulnerable devices with low cost tools and publicly available data.
He started his talk with the spoiler that he is not going to reveal any new attacks nor new techniques. But newer data are more adequate and we can see the current state of vulnerable devices connected to the internet. This means his approach was to test the state of IoT devices like Routers, NAS and so on with publicly available data. Continue reading “How easy to grow robust botnet with low hanging fruits (IoT) – for free”
Continue reading13th escar Europe conference | Embedded Security in Cars
Last week I had the pleasure to attend the “escar” (Embedded Security in Cars) conference in Cologne, Germany.
Arriving late Tuesday, I had the chance to get a rich breakfast before joining the con in the hotel Dorint at Cologne’s famous place the Heumarkt. Unfortunately I had to deal with two stumbling blocks on my way to the Dobrint: The magnetic sensor of my mobile which went crazy (no compass) and – the date. 11th of November in Cologne means just one thing – carneval! The whole city was just in a state of exception. Everybody on my way to the venue seemed to be drinking or beeing already drunk – at 9am! 😉
Being a little late, I went straight to the room after registration. As there was only one track to follow you could not miss any talk – nice thing!
After we were welcomed by the hosts, and the first talk started.
“Green Lights Forever: Analyzing the Security of Traffic Infrastructure” by Allen Hillaker
The con’s first talk was presented by Allen Hillaker. He was speaking about the security of mostly wireless traffic lights and their infrastructure in the US.
Allen presented the design of a typical traffic intersection which is connected via a radio to the road agency. He also described what happens, when a malfunction is triggered and the malfunction management unit sets the traffic lights to a well known (safe) state.
The traffic lights usually operate at 900MHz or 5.8GHz using a protocol similar to 802.11 (Wifi) without strong safety. They gathered access to the networks by using same model radio the systems at the intersections were using. As possible attacks Denial of Service, the change of the traffic lights’ timings and individual light control were named. To mitigate this, he suggested to use WPA, not broadcasting SSIDs, the use of firewalls, firmware updates and – of course – changing the default credentials. Continue reading “13th escar Europe conference | Embedded Security in Cars”
Car Hacking Lab – Work in Progress
We just wanted to share some impressions from our car hacking lab:
stay tuned,
The ERNW Car Hacking Team
Continue reading
Scal(e)ing down Privacy
As you might know we are continuously doing research on medical devices. I presented some of the new results at Power of Community 2014 last week and we thought we would share some of the details with you here. The focus of the previous work was testing medical devices that are used in hospitals like patient monitors, syringe pumps or even MRIs. This time we looked at a device that every user can use at home and which is available to anyone on the market: A smart scale.
The scale implements some basic features as you might have guessed, that is measuring your weight. In this case there are a lot more additional features that you can use, e.g. measuring the air quality, the room temperature, your heart rate and your fat mass. The latter makes testing this device quite hard, because somebody has to step on it and the results were not funny at all and will be kept secret! 😉
Continue reading “Scal(e)ing down Privacy”
Continue reading