INSIGHTS, NEWS & DISCOVERIES
FROM IOACTIVE RESEARCHERS

Wednesday, January 17, 2018

Easy SSL Certificate Testing

By: Enrique Nissim
tl;dr: CertSlayer tests how an application handles SSL certificates and whether it verifies the relevant details on them to prevent MiTM attacks: https://github.com/n3k/CertSlayer.

Thursday, January 11, 2018

SCADA and Mobile Security in the IoT Era

By: Alexander Bolshev (dark_k3y), Security Consultant, IOActive
Ivan Yushkevich (Steph), Information Security Auditor, Embedi

Two years ago, we assessed 20 mobile applications that worked with ICS software and hardware. At that time, mobile technologies were widespread, but Internet of Things (IoT) mania was only starting. Our research concluded that the combination of SCADA systems and mobile applications had the potential to be a very dangerous and vulnerable cocktail. In the introduction of our paper, we stated, “convenience often wins over security. Nowadays, you can monitor (or even control!) your ICS from a brand-new Android [device].”