Smart Home Devices: assets or liabilities? – Part 3: Looking at the future

This blog post is the last part of a series, if you are interested in the security or privacy of smart home devices, be sure to check out the other parts as well! TL;DR: In our previous blog posts we concluded that there is quite a long way to go for both security and privacy … Continue reading Smart Home Devices: assets or liabilities? – Part 3: Looking at the future

Will they melt? Testing the resistance of flash memory chips

Firmware: the holy grail of most Internet of Things (IoT) security assessments! Sometimes, getting access to a device's firmware can be as easy as visiting the vendor's website. Other times, the only option is to dump it directly from the hardware, and this is where things get interesting. Some procedures used for dumping can expose … Continue reading Will they melt? Testing the resistance of flash memory chips

Enabling Verified boot on Raspberry Pi 3

TL;DR: Verified boot is a fundamental security technology and it is important to be able to experiment with it on easily accessible hardware. However, creating a Verified boot demo on a Raspberry Pi 3 is harder than it sounds. We set out to find resources on the internet. Unfortunately, some of these were outdated, others … Continue reading Enabling Verified boot on Raspberry Pi 3

Hacking Connected Home Alarm Systems – The Expensive [part 2]

TL;DR: We were wondering whether price affects the security of IoT appliances. So we verified the security of two differently priced connected home alarm systems. Both IoT alarms are marketed as an easy solution to protect your home. Unfortunately we find this not to be the case as we identified multiple critical vulnerabilities in both systems.  … Continue reading Hacking Connected Home Alarm Systems – The Expensive [part 2]

Hacking Connected Home Alarm Systems – The Cheap [Part 1]

TL;DR: We were wondering whether price affects the security of IoT appliances. So we verified the security of two differently priced connected home alarm systems. Both IoT alarms are marketed as an easy solution to protect your home. Unfortunately we find this not to be the case as we identified multiple critical vulnerabilities in both systems. … Continue reading Hacking Connected Home Alarm Systems – The Cheap [Part 1]

A 30-minute sweep of Industrial Control Systems in Belgium

TLDR; We found several ICS systems in Belgium that were exposed to the internet without requiring any authentication. Screenshots below. Update 19/12: We've also had some coverage in the media about this research. 'De Standaard' did an article about it and so did 'Datanews' (in Dutch and in French). Industrial Control Systems (ICS) is the … Continue reading A 30-minute sweep of Industrial Control Systems in Belgium