History
IOActive was founded in 1998 by Joshua Pennell. At a time when cybersecurity research was an emerging field, Pennell established his reputation as a force in the industry, with his team winning the Capture the Flag competition at DEF CON for three consecutive years. He currently serves as the firm's Founder and Chairman of the Board. Since 1998, IOActive has provided highly specialized, research-driven security services, including full-stack penetration testing, program efficacy assessments, red team services, and hardware hacking, bringing an attacker's perspective to every engagement in order to maximize the value of security investments and improve the security posture and operational resiliency of Global 1000 clients. IOActive prioritizes innovative cybersecurity research for the institutional and enterprise markets, with notable research projects in embedded systems, industrial control systems, transportation, ATMs, aviation, military technologies, smart cities, and medical devices, among many others. In 2018, IOActive was awarded CREST accreditation for its penetration testing services. In 2019, the company was recognized as one of the "Most Important Industry Companies of the Last 30 Years" by ''SC Media'' in its 30th Anniversary Awards.
Research
ATM Hack
In 2010,
Robot Hack
In 2017, IOActive launched a project to "build a foundation of practical cyberattacks against robot ecosystems." In this robot hacking project, the researchers directly tested core components of robotics platforms, such as mobile applications, operating systems, firmware images, and software. The research covered robots used in home, business, and industrial settings, mindful of the many ways in which robotics and Internet of Things technologies are converging. Without having to conduct a "deep, extensive security audit," they found 50 cybersecurity vulnerabilities in robot ecosystem components, many of them of commonly found types. One recurring theme was that robots are often designed and sold without their cybersecurity implications being considered.
Car Hack
In 2015, IOActive researchers constructed a demo with
Boeing 787 security analysis
In 2020, IOActive's Principal Security Consultant Ruben Santamarta became aware of a warning from the FAA (Federal Aviation Administration) to operators of Boeing 787 aircraft: when an aircraft has been operating continuously for 51 consecutive days, operators are advised to completely shut down the plane's electrical power. Santamarta analyzed the Boeing 787's CCS (Common Core System, the aircraft's core computing platform) and CDN (Common Data Network) to determine what could be the reason for the FAA's warning. The FAA's directive reads:

"The FAA has received a report indicating that the stale-data monitoring function of CCS may be lost when continuously powered on for 51 days. This could lead to undetected or unannunciated loss of CDN message age validation, combined with a CDN switch failure. The CDN handles all the flight-critical data (including airspeed, altitude, attitude, and engine operation), and several potentially catastrophic failure scenarios can result from this situation. Potential consequences include:
• Display of misleading primary attitude data for both pilots.
• Display of misleading altitude on both pilots' primary flight displays (PFDs).
• Display of misleading airspeed data on both pilots' PFDs, without annunciation of failure, coupled with the loss of stall warning, or over-speed warning.
• Display of misleading engine operating indications on both engines.
The potential loss of the stale-data monitoring function of the CCS when continuously powered on for 51 days, if not addressed, could result in erroneous flight-critical data being routed and displayed as valid data, which could reduce the ability of the flight crew to maintain the safe flight and landing of the airplane."

Santamarta hypothesized that there could be a problem in the CDN's EDE protocol packet headers that makes age validation and time management inconsistent.
If EDE packets can no longer be sequenced accurately after an extended period of CCS operation, pilots may not receive correct altitude data, engine operation metrics, speed warnings, or other critical data needed to safely operate a large aircraft. Santamarta stresses that his analysis is only a hypothesis, as IOActive does not have direct access to a Boeing 787 aircraft for security testing purposes.
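The FAA warning and Santamarta's hypothesis above both concern message-age validation becoming inconsistent after long uptime. The following C program is an added illustration, not from the article, from IOActive or from Santamarta's analysis, of one generic way that can happen: it assumes a 32-bit millisecond timestamp in a message header, a 200 ms freshness bound and a receiver clock that rolls over, all constructed for the example, and contrasts a naive age check that silently accepts stale data after the rollover with a wrap-safe comparison. The exact 787 header layout and the mechanism behind the 51-day figure are not stated in the article and are not claimed here.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Maximum accepted message age for the stale-data check (constructed value). */
#define MAX_AGE_MS 200u

/* Naive age validation: widens to 64 bits so the subtraction "cannot wrap".
 * Once the 32-bit millisecond clock rolls over (2^32 ms, about 49.7 days),
 * a pre-rollover timestamp makes the computed age hugely negative, so
 * stale messages from before the rollover pass as fresh. */
bool naive_is_fresh(uint32_t now_ms, uint32_t msg_ts_ms) {
    int64_t age = (int64_t)now_ms - (int64_t)msg_ts_ms;
    return age <= (int64_t)MAX_AGE_MS;
}

/* Wrap-safe age validation: modular unsigned subtraction yields the true
 * elapsed time across a rollover, as long as the gap is below 2^31 ms.
 * A timestamp from the future wraps to a huge age and is rejected. */
bool wrapsafe_is_fresh(uint32_t now_ms, uint32_t msg_ts_ms) {
    uint32_t age = now_ms - msg_ts_ms;   /* computed modulo 2^32 */
    return age <= MAX_AGE_MS;
}

/* Constructed test vectors: receiver clock, message timestamp, ground truth. */
typedef struct { uint32_t now_ms; uint32_t ts_ms; bool fresh; } sample_t;
static const sample_t SAMPLES[] = {
    { 0x00001000u, 0x00000F80u, true  },  /* 128 ms old, no rollover     */
    { 0x00001000u, 0x00000000u, false },  /* 4096 ms old, no rollover    */
    { 0x00000010u, 0xFFFFFFF0u, true  },  /* 32 ms old, spans rollover   */
    { 0x00001000u, 0xFFFFFF00u, false },  /* 4352 ms old, spans rollover */
};
#define NSAMPLES (sizeof SAMPLES / sizeof SAMPLES[0])

/* Counts samples on which a freshness check disagrees with ground truth. */
int count_misjudged(bool (*check)(uint32_t, uint32_t)) {
    int bad = 0;
    for (size_t i = 0; i < NSAMPLES; i++)
        if (check(SAMPLES[i].now_ms, SAMPLES[i].ts_ms) != SAMPLES[i].fresh)
            bad++;
    return bad;
}

int main(void) {
    printf("naive: %d misjudged, wrap-safe: %d misjudged of %zu samples\n",
           count_misjudged(naive_is_fresh), count_misjudged(wrapsafe_is_fresh), NSAMPLES);
    return 0;
}
```

The naive check accepts the 4352 ms old post-rollover message as valid, which is the class of outcome the directive describes as erroneous data being routed as valid; the wrap-safe check rejects it.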
ICS attacks through barcode scanners
In 2020, IOActive analyzed how ICS (industrial control systems) can be exploited by threat actors through barcode scanners. Barcodes are ubiquitous across the retail and industrial sectors, where they are used primarily for inventory management and item tracking. Because the handheld barcode scanners used in retail stores and industrial warehouses are usually configured to act as HID keyboards, it is possible to inject keystroke combinations that can compromise the host computer to which the scanner is connected. IOActive also analyzed how SICK CLV62x-65x barcode scanners support "profile programming" barcodes, which can be another attack vector. "Profile programming" barcodes are custom generated, and when scanned they directly modify settings in the device without involving a host computer. SICK CLV62x-65x devices are often used in airport baggage and cargo handling. An attacker able to physically present a malicious profile programming barcode to such a device could render it inoperable or change its settings to facilitate further attacks. IOActive tested the attack on a SICK CLV650 and confirmed that it works, which can have profound implications for airport security.
SATCOM Security
Overview
In 2014, IOActive discovered major vulnerabilities in satellite communication (SATCOM) equipment that could be abused to hijack and disrupt communications links to airplanes, ships, military operations, and industrial facilities. These design flaws would allow attackers to run their own code, install malicious
Cobham GMDSS
An insecure protocol could compromise the entire terminal communications suite, allowing an attacker to control devices through data spoofing or to disrupt communications through the installation of malicious firmware. The
Biometric hacking
In 2022, IOActive researchers conducted a security assessment of both 2D and 3D-IR-based face authentication algorithms in several Android smartphones: the Samsung S10(+), OnePlus 7 Pro, Nokia 9 PureView, Xiaomi Mi 9, and Vivo V15 Pro. Because race and gender can affect the accuracy of facial recognition technology, IOActive used a small but diverse group of test subjects: an Asian man, an Asian woman, an African American man, an African American woman, and a Caucasian man. None of the test subjects had registered their faces with any of the devices. Facial biometrics are intended to work as follows: the owner of the device scans their face, the device registers it as the face of its legitimate owner, and only a user with that face can unlock the device. IOActive found that the phones' facial biometrics did not always work as intended. The African American man was able to unlock four of the five devices, despite his face not being the one registered in the biometrics application. The Asian woman was able to unlock three of the devices that were not registered with her face. The African American woman was able to unlock two of the devices that had not registered her face. The Asian man was able to unlock one of the devices that had not registered his face. The Caucasian man was not able to unlock any of the devices.
Tesla NFC relay attack
NFC (near-field communication) technology can be used to unlock many smart cars. In 2022, IOActive devised a proof-of-concept attack exploiting a particular NFC vulnerability in Tesla Model Y vehicles. From Rodriguez's whitepaper (https://act-on.ioactive.com/acton/attachment/34793/f-6460b49e-1afe-41c3-8f73-17dc14916847/1/-/-/-/-/NFC-relay-TESlA_JRoriguez.pdf): "To successfully carry out the attack, IOActive reverse-engineered the NFC protocol Tesla uses between the NFC card and the vehicle, and we then created custom firmware modifications that allowed a Proxmark RDV4.0 device to relay NFC communications over Bluetooth/Wi-Fi using the Proxmark's BlueShark module." When IOActive disclosed the exploit to Tesla, Tesla responded that the vulnerability is mitigated by its "PIN to Drive" feature. However, the feature is optional and not enabled by default, and Tesla owners may not be aware that it exists or of the importance of using it.