6 min
IoT
A Quick Look at CES 2022
The first thing I noticed about CES 2022 was COVID’s impact on the event, which was more than just attendance size.
6 min
IoT
Hands-On IoT Hacking: Rapid7 at DefCon 29 IoT Village, Part 4
In this final post, we'll discuss how to gain full root access and successfully complete this exercise in IoT hacking.
6 min
IoT
Hands-On IoT Hacking: Rapid7 at DefCon 29 IoT Village, Part 3
The goal in this next phase of the IoT hacking exercise is to turn the console back on.
6 min
Research
Hands-On IoT Hacking: Rapid7 at DefCon IoT Village, Part 2
In part 2 of our series on Rapid7's IoT hacking exercise from DefCon 29, we look at how to determine whether the header we created is UART.
4 min
Research
Hands-On IoT Hacking: Rapid7 at DefCon IoT Village, Part 1
At this year's DefCon IoT Village, Rapid7 ran a hands-on hardware hacking exercise that exposed attendees to concepts and methods for IoT hacking.
3 min
IoT
HaXmas Hardware Hacking
This HaXmas, I decided to dig around a little in Rapid7's library of IoT investigations that never really went anywhere, just to see which tools were used.
5 min
Security Strategy
UPnP With a Holiday Cheer
For today’s discussion, this blog post will only cover the port forwarding services and will also share a Python script you can use to start examining this service.
2 min
Public Policy
Congress unanimously passes federal IoT security law
Congress passed a law to secure federal procurement and use of IoT devices, and require contractors to adopt coordinated vulnerability disclosure processes.
5 min
Public Policy
A step closer to stronger federal IoT security
The US House passed the IoT Cybersecurity Improvement Act, which would require federal procurement and use of IoT devices to conform to basic security requirements.
6 min
Public Policy
Internet of Things Cybersecurity Regulation and Rapid7
Over the past few years, the security of the Internet of Things (IoT) has been a consistent focus in policy circles around the world.
7 min
Research
Building a Printed Circuit Board Probe Testing Jig
In this blog, we discuss how to build a printed circuit board (PCB) probe testing jig.
4 min
IoT
IoT Vuln Disclosure: Children's GPS Smart Watches (R7-2019-57)
In a recent IoT hacking training exercise, Rapid7 penetration testers set out to find vulnerabilities in a number of children's GPS-enabled smart watches.
3 min
IoT
IoT Security and Risk: What Is It, Where Is It Heading, and How Do We Embrace It?
In this blog, we discuss what security professionals should be doing to secure their IoT devices and where companies often go wrong with IoT security.
9 min
Vulnerability Disclosure
Investigating the Plumbing of the IoT Ecosystem (R7-2018-65, R7-2019-07) (FIXED)
Two vulnerabilities have been disclosed for Eaton's Home Lighting HALO Home Smart Lighting System and BlueCats' AA Beacon.
4 min
Research
Extracting Firmware from Microcontrollers’
Onboard Flash Memory, Part 4
In our fourth and final part of this ongoing series, we will conduct further firmware extraction exercises with the Texas Instruments RF microcontroller.