30 May, 2018

Life path embedded bugs from 0- to 1-days

“As Gregor Samsa awoke one morning from uneasy dreams he found himself transformed in his bed into a gigantic insect.” Franz Kafka, The Metamorphosis. The IoT world enjoys tremendous growth with new devices being released to the market every day. Unfortunately, cybercriminals forge ahead as well since the number of attacks on IoT devices is
11 April, 2018

Reflecting upon OWASP TOP-10 IoT Vulnerabilities

It’s no secret the implementation of security mechanisms and services in embedded devices is far from perfect. Known categories of vulnerabilities of smart devices are well described in Top IoT Vulnerabilities. To prove the relevance of this list, we’ve provided examples of vulnerable devices for each type. We hope, it’ll demonstrate the full scale of
30 January, 2018

Grim IoT Reaper: 1- and 0-day vulnerabilities at the service of botnets

On the 19th of October, 2017, the world of IoT shuddered, facing a new enemy – a huge botnet that would be later called Reaper. Reaper is grim and is by far grimmer than the notorious Mirai botnet. According to the data provided by 360 Netlab, it has already infected approximately 30,000 smart-devices, and about
22 June, 2017

Killchain of IoT Devices. Part 2

Thousands of security incidents related to embedded-devices show us that devices do not provide the security level we can rely on. Sure thing, manufacturers use some technics like secure boot, firmware signature, etc., but mostly they take such measures only for expensive and enterprise devices. Just think: what kinds of security mechanisms are implemented in
8 June, 2017

Killchain of IoT Devices. Part 1

Manufacturers are constantly trying to make smart-devices cheaper for both themselves and customers. Consequently, a manufacturer has to sacrifice security of a device in favor of its cost, size, and low energy consumption. These gadgets differ from each other by business logic, security logic, and human-device interaction method. Consumers should always keep in mind that