Posts tagged IoT

4 min IoT

Lorex 2K Indoor Wi-Fi Security Camera: Multiple Vulnerabilities (FIXED)

The Lorex 2K Indoor Wi-Fi Security Camera is a consumer security device that provides cloud-based video camera surveillance capabilities. This device was a target at the 2024 Pwn2Own IoT competition. As of December 3, 2024, we are disclosing these issues publicly in coordination with the vendor.

1 min IoT

Root Access for Data Control: A DEF CON IoT Village Story

Our perennial IoT hacking presenter, Principal Security Researcher, IoT, Deral Heiland, along with Rapid7 pentest team members, showed attendees many methods of extracting firmware from IoT devices and manipulating the systems in the name of control and operations.

2 min Reports

New Research: The Proliferation of Cellular in IoT

Analysis of Cellular Based Internet of Things (IoT) Technology is a new whitepaper co-authored by Rapid7 principal security researcher Deral Heiland and Thermo Fisher Scientific lead product security researcher Carlota Bindner.

4 min IoT

Helpful tools to get started in IoT Assessments

The Internet of Things (IoT) can be a daunting field to get into. With many different tools and products available on the market it can be confusing to even know where to start.

3 min IoT

Privacy, Security, and Connected Devices: Key Takeaways From CES 2024

The topic of data privacy has become so relevant in our age of smart technology. With everything becoming connected, including our homes, workplaces, cities, and even our cars, those who develop this technology are obligated to identify consumers' expectations for privacy and then find the best ways to meet those expectations. This of course includes determining how to best secure the data with which these technologies interact. As you can imagine, accomplishing these requirements is no easy fea

6 min IoT

Genie Aladdin Connect Retrofit Garage Door Opener: Multiple Vulnerabilities

Rapid7, Inc. (Rapid7) discovered vulnerabilities in Aladdin Connect retrofit kit garage door opener and Android mobile application produced by Genie.

1 min IoT

There’s One Last Gift Under the Tree, It’s Hands-On IoT!

It’s the holiday season and since we’re in a giving mood we thought we’d surprise our loyal readers with a fun, hands-on hardware exercise to enjoy during some well-earned downtime.

3 min IoT

Is That Smart Home Technology Secure? Here’s How You Can Find Out.

I can’t tell you which solution will work for your specific case, but I can give you some pointers around technology security.

2 min IoT

Understanding the Ecosystem of Smart Cities for the Purpose of Security Testing

A look at the various components that make up Smart Cities with the goal of having a model to help better understand the various security concerns as we plan for our Smart City future.

2 min IoT

Get your head in the cloud(s)

Many organizations are in the midst of adopting the cloud faster than ever before; it’s arguably mission critical for their success and longevity.

5 min IoT

Hands-On IoT Hacking: Rapid7 at DEF CON 30 IoT Village, Pt. 4

Welcome back to our blog series on Rapid7's IoT Village exercise from DEF CON 30. In this post, we'll cover how to gain root access over the device's secure shell protocol (SSH).

6 min IoT

Hands-On IoT Hacking: Rapid7 at DEF CON 30 IoT Village, Pt. 3

Welcome back to our blog series on Rapid7's IoT Village exercise from DEF CON 30. In this post, we'll cover how to modify the data we've extracted.

5 min IoT

Hands-On IoT Hacking: Rapid7 at DEF CON 30 IoT Village, Pt. 2

Welcome back to our blog series on Rapid7's IoT Village exercise from DEF CON 30. Last week, we covered the basics of the exercise and achieving access to flash memory. In this post, we'll cover how to extract partition data.

5 min IoT

Hands-On IoT Hacking: Rapid7 at DEF CON 30 IoT Village, Part 1

Rapid7 returned to DEF CON 30 and participated at the IoT Village with another hands-on hardware hacking exercise.

2 min IoT

Addressing the Evolving Attack Surface Part 1: Modern Challenges

In this webcast, Cindy Stanton highlights where the industry started from traditional vulnerability management which focused on infrastructure but evolved significantly over the last couple of years.