Research and Development

hardhack

Too frequently security professionals only consider software vulnerabilities when considering the risks of connecting devices to their networks and systems. When it comes to considering potential risks of connected devices and the Internet of Things, not only must security professionals consider potential vulnerabilities in the software and firmware of these systems, but also physical vulnerabilities in hardware.  This document considers the potential risk posed by hardware modification of seemingly innocuous hardware devices attached to critical systems, by showing how a simple KVM switch can be modified for use as a key logger. Continue reading

Security researchers love the new shiny and whilst some like playing games too, I am not one of those. That being said, I have researched UNIX like OS for a number of years and I’m constantly thrilled by the new uses people find for it. This security evaluation was performed against the beta tree of SteamOS, a new, “open” games platform from the developers at Valve. Continue reading

Having just arrived back from a client engagement, I was in the pub with some colleagues earlier this evening, and one amongst them, a junior asked a really interesting question “How does one assess an embedded device?”. Continue reading