DeviceLine Radio: Josh "M0nk" Thomas On Mobile Attack Vectors

June 25, 2014

My guest today is Josh Thomas, aka M0nk. He's an Applied Research Scientist with Accuvant, and he's also an upcoming speaker at the Amphion Forum in Washington, D.C., May 16 and 17. I spoke to him via telephone shortly after his return from Black Hat Europe 2013 and just before his upcoming talk at Infiltrate, to be held in mid-April in Miami Beach, Florida. I asked Josh to give us a preview of both his upcoming talks.

You can hear the full conversation, along with a recap of this week’s news here.

Or subscribe to DeviceLine Radio on iTunes.

Or you can read the full transcript of the conversation below.


DeviceLine Radio Show: Jonathan Knudsen On Fuzzing Devices

June 25, 2014

The DeviceLine Radio Show, a new broadcast from the Mocana Corporation, provides a recap of the week’s embedded security news and analysis as well as interviews with industry experts who can provide context. This week host Robert Vamosi, CISSP and Senior Analyst, speaks with Jonathan Knudsen, Principal Security Engineer at Codenomicon and author, about his work fuzzing embedded devices. Like fuzzing software, the process of fuzzing devices includes creating malformed input and recording the responses. Knudsen talked about the most common errors found with devices, and the increasing interest by certain industries in knowing the potential vulnerabilities with their products in advance of deployment.

You can hear the radio show here.


Podcast: Mike Pontillo Talks About Software-Defined Networks (SDN)

June 24, 2014

Mike Pontillo, Senior Member of Technical Staff at Mocana, talks with host Robert Vamosi about software-defined virtual networks in the rebroadcast of an earlier podcast.


Podcast: James Burns on Internet-Accessible Device Vulnerabilities

June 24, 2014

In this week’s podcast, Mocana’s Senior Security Architect James Burns discusses Internet-accessible device vulnerabilities with host Robert Vamosi.

On May 16, researcher Justin Cacak, senior security engineer at Gotham Digital Science, told Wired.com he was able to view content from cameras made by MicroDigital, HIVISION, CTRing and a variety of other cameras that are rebranded. Cacak worked with Rapid7 to develop testing tools for its Metasploit product, allowing companies to see whether their systems are vulnerable. The tool can also be used by criminal hackers to identify targets. In January of this year, the researchers at Rapid7 announced remote vulnerabilities in teleconferencing systems.


Podcast: Jay Radcliffe on Medical Device Security

June 24, 2014

In this week’s podcast, Mocana’s Threat Center Director Jay Radcliffe discusses medical device security with host Robert Vamosi.

At last summer's Black Hat and Defcon security conferences, Radcliffe drew parallels with the SCADA industry when he gave a personal account of his experience of having Type 1 diabetes and how various devices he uses to control his diabetes could be manipulated by “evil doers.” The insulin pump replaces the actions of the liver (which secretes sugar) and the pancreas (which secretes insulin). Too much blood sugar can overtax the kidneys and too little blood sugar can shut the body down. Radcliffe related these bodily processes to industrial SCADA systems, which also regulate pressure in gas and electric utilities: too much and the system blows, too little and the electrical or water system shuts down.
