Posts by Deral Heiland

7 min Vulnerability Disclosure

Baxter SIGMA Spectrum Infusion Pumps: Multiple Vulnerabilities (FIXED)

Rapid7 discovered vulnerabilities in two TCP/IP-enabled medical devices produced by Baxter Healthcare.

3 min Research

Evaluating the Security of an Enterprise IoT Deployment at Domino's Pizza

Recently, I had a great opportunity to work with Domino's Pizza to evaluate an internally conceived Internet of Things (IoT)-based business solution.

8 min Research

Lessons in IoT Hacking: How to Dead-Bug a BGA Flash Memory Chip

In this post, we cover how to dead-bug a flash memory chip to aid your IoT hacking research.

3 min Ransomware

Is the Internet of Things the Next Ransomware Target?

What would it take for IoT to be the target of ransomware? This post takes a closer look.

6 min IoT

A Quick Look at CES 2022

The first thing I noticed about CES 2022 was COVID’s impact on the event, which was more than just attendance size.

6 min IoT

Hands-On IoT Hacking: Rapid7 at DefCon 29 IoT Village, Part 4

In this final post, we'll discuss how to gain full root access and successfully complete this exercise in IoT hacking.

6 min IoT

Hands-On IoT Hacking: Rapid7 at DefCon 29 IoT Village, Part 3

The goal in this next phase of the IoT hacking exercise is to turn the console back on.

6 min Research

Hands-On IoT Hacking: Rapid7 at DefCon IoT Village, Part 2

In part 2 of our series on Rapid7's IoT hacking exercise from DefCon 29, we look at how to determine whether the header we created is UART.

4 min Research

Hands-On IoT Hacking: Rapid7 at DefCon IoT Village, Part 1

At this year's DefCon IoT Village, Rapid7 ran a hands-on hardware hacking exercise that exposed attendees to concepts and methods for IoT hacking.

5 min Security Strategy

UPnP With a Holiday Cheer

For today’s discussion, this blog post will only cover the port forwarding services and will also share a Python script you can use to start examining this service.

7 min Research

Building a Printed Circuit Board Probe Testing Jig

In this blog, we discuss how to build a printed circuit board (PCB) probe testing jig.

3 min IoT

Risks in Disposing of IoT Embedded Technology

In this blog, Deral Heiland discusses the potential risks in disposing of IoT embedded technology.

4 min Haxmas

All I Want for Christmas Is a Big Box of Quirky IoT

Here is a roundup of some of the quirkiest pieces of IoT tech I have collected for my IoT research lab.

4 min IoT

IoT Security and Risk: What Is It, Where Is It Heading, and How Do We Embrace It?

In this blog, we discuss what security professionals should be doing to secure their IoT devices and where companies often go wrong with IoT security.

4 min Research

Extracting Firmware from Microcontrollers’ Onboard Flash Memory, Part 4: Texas Instrument RF Microcontrollers

In our fourth and final part of this ongoing series, we will conduct further firmware extraction exercises with the Texas Instruments RF microcontroller.