Owning a Bitcoin ATM
Nowadays, Bitcoin and cryptocurrencies might look lees popular than they did just a few years ago. However, it is still quite common to find Bitcoin ATMs in numerous locations. IOActive had access to few of these machines, specifically to Lamassu’s Douro ATM (https://lamassu.is). This provided us with the opportunity to assess the security of these devices – more specifically, to attempt to achieve full control over them. Figure 1. Lamassu Douro Bitcoin ATM In this post, we’ll explain all the steps we followed to identify a series of vulnerabilities (CVE-2024-0175,…
Navigating the Cybersecurity Threatscape of Today’s Airports
Everything is ‘Connected’ in Today’s Modern Airports Cybersecurity in global aviation is increasingly dependent on vulnerabilities in Information Technology (IT) and Operational Technology (OT) systems. The definition of OT systems in this context is defined as hardware and software dedicated to detecting or causing changes in physical processes through direct monitoring and/or control of physical devices such as valves or pumps. OT systems are much less organized and are rarely monitored as closely as conventional IT networks. Airports use several critical OT systems, including baggage handling, airport refueling systems, runway lights,…
A SAFE Journey to Selling Devices to Cloud and Datacenter Providers
Observations from the OCP Global Summit | San Jose, CA | October, 18, 2023 If you missed it, there was a significant launch of the Open Compute Project (OCP) Foundation’s new community-led security program for improving device security underpins a fundamental change in the way device vendors and manufacturers engage and sell their products to the worlds leading cloud and datacenter providers. Beyond standing up a framework for driving continuous security conformance assurance, the Security Appraisal Framework and…
Commonalities in Vehicle Vulnerabilities | 2022 Decade Examination | Samantha Beaumont
With the connected car now commonplace in the market, automotive cybersecurity has become the vanguard of importance as it relates to road user safety. At the forefront of transportation cybersecurity research, IOActive has amassed over a decade of real-world vulnerability data illustrating the issues and potential solutions to cybersecurity threats today’s vehicles face. This analysis is a major update and follow-up to IOActive’s paper on vehicle vulnerabilities originally published in 2016 and updated in 2018. The goal of this 2022 update is to deliver…
IOActive Silicon Security Services
Our silicon security team helps risk managers, product owners, designers, and cybersecurity professionals understand and manage the emerging risks of silicon-level and hardware-based supply chain attacks. IOActive has spent over two decades at the forefront of cybersecurity research and providing critical security services fueled by the research. As the security of systems (and systems of systems) increasingly depends upon proper hardware security design and implementation, we have invested in honing silicon-level attack techniques that complement the advanced expertise we have long developed in identifying the embedded-device, side-channel, and fault-injection attacks. …
Shuffle Up and Deal: Analyzing the Security of Automated Card Shufflers | Joseph Tartaro, Enrique Nissim, Ethan Shackelford
Joseph Tartaro, Principal Security Consultant, Enrique Nissim, Principal Security Consultant, and Ethan Shackelford, Associate Principal Security Consultant, conducted a comprehensive analysis of the security aspects of ShuffleMaster’s Deck Mate 1 (DM1) and Deck Mate 2 (DM2) automated shuffler machines. Primarily used at poker tables, these machines are widely adopted by casinos and cardrooms and are commonly used in private games. While the primary objective of these devices is to enhance game speed by assisting dealers in shuffling, they also ensure security through various deck checks, and their control over the…
Back to the Future with Platform Security
Introduction During our recent talk at HardwearIO (see here, slides here) we described a variety of AMD platform misconfigurations that could lead to critical vulnerabilities, such as: TSEG misconfigurations breaking SMRAM protections SPI controller misconfigurations allowing SPI access from the OS Platform Secure Boot misconfigurations breaking the hardware root-of-trust Here we are providing a brief overview of essential registers settings and explain how our internally developed tool Platbox (see here) can be used to verify them and ultimately exploit them. SMM Protections…
Applying Fault Injection to the Firmware Update Process of a Drone
IOActive recently published a whitepaper covering the current security posture of the drone industry. IOActive has been researching the possibility of using non-invasive techniques, such as electromagnetic (EM) side-channel attacks or EM fault injection (EMFI), to achieve code execution on a commercially available drone with significant security features. For this work, we chose one of the most popular drone models, DJI’s Mavic Pro. DJI is a seasoned manufacturer that emphasizes security in their products with features such as signed and encrypted firmware, Trusted Execution Environment (TEE),…
Drone Security and Fault Injection Attacks | Gabriel Gonzalez | IOActive Labs Blog
I recently published the full technical details to the research in this IOActive whitepaper. The use of Unmanned Aerial Vehicles (UAVs), commonly referred to as drones, continues to grow. Drones implement varying levels of security, with more advanced modules being resistant to typical embedded device attacks. IOActive’s interest is in developing one or more viable Fault Injection attacks against hardened UAVs. IOActive has been researching the possibility of achieving code execution on a commercially available drone with significant security features using non-invasive techniques, such as electromagnetic (EM)…
Drone Security and Fault Injection Attacks | Gabriel Gonzalez
Gabriel Gonzalez, IOActive Director of Hardware Security presents full technical detail of his research into drone security and side-channel/fault injection attacks in this whitepaper. The use of Unmanned Aerial Vehicles (UAVs), commonly referred to as drones, continues to grow. Drones implement varying levels of security, with more advanced modules being resistant to typical embedded device attacks. IOActive’s interest is in developing one or more viable Fault Injection attacks against hardened UAVs. This paper covers IOActive’s work in setting up a platform for launching side-channel and fault injection attacks using a…