DeviceLine Radio: Josh "M0nk" Thomas On Mobile Attack Vectors

By Robert Vamosi | 3/21/13 10:00 PM

My guest today is Josh Thomas, aka M0nk. He's an Applied Research Scientist with Accuvant, and he's also an upcoming speaker at the Amphion Forum in Washington D.C. May 16 and 17. I spoke to him via telephone shortly after his return from Black Hat Europe 2013 and just before his upcoming talk at Infultrate to be held in mid-April in Miami Beach, Florida. I asked Josh to give us a preview of both his upcoming talks.

You can hear the full conversation, along with a recap of this week’s news here.

Or subscribe to DeviceLine Radio on iTunes.

Or you can read the full transcript of the conversation below.

Read More >

DeviceLine Radio Show: Jonathan Knudson On Fuzzing Devices

By Robert Vamosi | 1/10/13 10:21 PM

The DevliceLine Radio Show, a new broadcast from the Mocana Corporation, provides a recap of the week’s embedded security news and analysis as well as interviews with industry experts who can provide context. This week host Robert Vamosi, CISSP and Senior Analyst, speaks with Jonathan Knudsen, Principal Security Engineer at Codenomicon and author, about his work fuzzing embedded devices. Like fuzzing software, the process of fuzzing devices includes creating malformed input and recording the responses. Knudson talked about the most common errors found with devices, and the increasing interest by certain industries in knowing the potential vulnerabilities with its products in advance of deployment.

You can hear the radio show here

Read More >

Podcast: Mike Pontillo Talks About Software-Defined Networks (SDN)

By Robert Vamosi | 7/6/12 1:39 AM

Mike Pontillo, Senior Member of Technical Staff at Mocana, talks with host Robert Vamosi about software-defined virtual networks in the rebroadcast of an earlier podcast.

Read More >

Podcast: James Burns on Internet-Accessible Device Vulnerabilities

By Robert Vamosi | 5/25/12 5:36 AM

In this week’s podcast, Mocana’s Senior Security Architect James Burns discusses Internet-accessible device vulnerabilities with host Robert Vamosi.

On May 16, researcher Justin Cacak, senior security engineer at Gotham Digital Science, told he was able to view content from cameras made by MicroDigital, HIVISION, CTRing and a variety of other cameras that are rebranded. Cacak worked with Rapid7 to develop testing tools for its Metasploit product, allowing companies to see whether their systems are vulnerable. The tool can also be used by criminal hackers to identify targets. In January of this year, the researchers at Rapid7 announced remote vulnerabilities in teleconferencing systems.

Read More >

Podcast: Jay Radcliffe on Medical Device Security

By Robert Vamosi | 5/11/12 3:43 AM

In this week’s podcast, Mocana’s Threat Center Director Jay Radcliffe discusses medical device security with host Robert Vamosi.

At last summer's Black Hat and Defcon security conferences, Radcliffe drew parallels with the SCADA industry when he gave a personal account of his experience of having Type 1 diabetes and how various devices he uses control his diabetes could be manipulated by “evil doers." The insulin pump replaces the actions of the liver (which secretes sugar) and the pancreas (which secretes insulin). Too much blood sugar can overtax the kidneys and too little blood sugar can shut the body down. Radcliffe related these bodily processes to industrial SCADA systems which also regulate pressure in gas and electric utilities—too much and the system blows, too little and the electrical or water system shuts down.

Read More >

Podcast: James Burns Discusses The Rise of Android Malware

By Robert Vamosi | 5/4/12 4:15 AM

In this week's podcast, Mocana's Senior Security Architect James Burns discusses Android security with host Robert Vamosi.

Read More >

Podcast: James Burns On Android Security

By Robert Vamosi | 4/27/12 2:16 AM

This week’s podcast, James Burns, Senior Security Architect at Mocana, discusses Android security with Robert Vamosi, specifically a proof of concept that allows security updates during the charging process.

In a paper released earlier this week, researcher David Weinstein from the MITRE Corp. argues that the common battery charger could soon be used “to measure, attest, and remediate the integrity” of the mobile device. His reference prototype is an Android-based Nexus S mobile phone.

Read More >

Podcast: Erik Peterson On MAP 2.0

By Robert Vamosi | 4/10/12 2:52 AM

This week's podcast, Erik Peterson, Principal Engineer at Mocana, discusses MAP 2.0 with Robert Vamosi, and relates his experience bringing Mocana's unique mobile app protection solution to Apple's iOS.

Read More >

Reality-fooling Malware and Unencrypted Satellite Signals

By Robert Vamosi | 1/20/12 5:20 AM

This week, Mocana's senior analyst Robert Vamosi and senior solutions architect James Burns talk about how Stuxnet attempts to deceive the abstraction layer for software execution and about hacking unencrypted satellite signals.

Read More >