2 min
Research
Poorly Purged Medical Devices Present Security Concerns After Sale on Secondary Market
In Security Implications from Improper De-acquisition of Medical Infusion Pumps Rapid7 performs a physical and technical teardown of more than a dozen medical infusion pumps.
2 min
IoT
Understanding the Ecosystem of Smart Cities for the Purpose of Security Testing
A look at the various components that make up Smart Cities with the goal of having a model to help better understand the various security concerns as we plan for our Smart City future.
5 min
IoT
Hands-On IoT Hacking: Rapid7 at DEF CON 30 IoT Village, Pt. 4
Welcome back to our blog series on Rapid7's IoT Village exercise from DEF CON 30. In this post, we'll cover how to gain root access over the device's secure shell protocol (SSH).
6 min
IoT
Hands-On IoT Hacking: Rapid7 at DEF CON 30 IoT Village, Pt. 3
Welcome back to our blog series on Rapid7's IoT Village exercise from DEF CON 30. In this post, we'll cover how to modify the data we've extracted.
5 min
IoT
Hands-On IoT Hacking: Rapid7 at DEF CON 30 IoT Village, Pt. 2
Welcome back to our blog series on Rapid7's IoT Village exercise from DEF CON 30. Last week, we covered the basics of the exercise and achieving access to flash memory. In this post, we'll cover how to extract partition data.
5 min
IoT
Hands-On IoT Hacking: Rapid7 at DEF CON 30 IoT Village, Part 1
Rapid7 returned to DEF CON 30 and participated at the IoT Village with another hands-on hardware hacking exercise.
7 min
Vulnerability Disclosure
Baxter SIGMA Spectrum Infusion Pumps: Multiple Vulnerabilities (FIXED)
Rapid7 discovered vulnerabilities in two TCP/IP-enabled medical devices produced by Baxter Healthcare.
3 min
Research
Evaluating the Security of an Enterprise IoT Deployment at Domino's Pizza
Recently, I had a great opportunity to work with Domino's Pizza to evaluate an internally conceived Internet of Things (IoT)-based business solution.
8 min
Research
Lessons in IoT Hacking: How to Dead-Bug a BGA Flash Memory Chip
In this post, we cover how to dead-bug a flash memory chip to help aid your IoT hacking research.
3 min
Ransomware
Is the Internet of Things the Next Ransomware Target?
What would it take for IoT to be the target of ransomware? This post takes a closer look.
6 min
IoT
A Quick Look at CES 2022
The first thing I noticed about CES 2022 was COVID’s impact on the event, which was more than just attendance size.
6 min
IoT
Hands-On IoT Hacking: Rapid7 at DefCon 29 IoT Village, Part 4
In this final post, we'll discuss how to gain full root access and successfully complete this exercise in IoT hacking.
6 min
IoT
Hands-On IoT Hacking: Rapid7 at DefCon 29 IoT Village, Part 3
The goal in this next phase of the IoT hacking exercise is to turn the console back on.
6 min
Research
Hands-On IoT Hacking: Rapid7 at DefCon IoT Village, Part 2
In part 2 of our series on Rapid7's IoT hacking exercise from DefCon 29, we look at how to determine whether the header we created is UART.
4 min
Research
Hands-On IoT Hacking: Rapid7 at DefCon IoT Village, Part 1
At this year's DefCon IoT Village, Rapid7 ran a hands-on hardware hacking exercise that exposed attendees to concepts and methods for IoT hacking.