4 min
IoT
Lorex 2K Indoor Wi-Fi Security Camera: Multiple Vulnerabilities (FIXED)
The Lorex 2K Indoor Wi-Fi Security Camera is a consumer security device that provides cloud-based video camera surveillance capabilities. This device was a target at the 2024 Pwn2Own IoT competition. As of December 3, 2024, we are disclosing these issues publicly in coordination with the vendor.
1 min
IoT
Root Access for Data Control: A DEF CON IoT Village Story
Our perennial IoT hacking presenter, Principal Security Researcher, IoT, Deral Heiland, along with Rapid7 pentest team members, showed attendees many methods of extracting firmware from IoT devices and manipulating the systems in the name of control and operations.
2 min
Reports
New Research: The Proliferation of Cellular in IoT
Analysis of Cellular Based Internet of Things (IoT) Technology is a new whitepaper co-authored by Rapid7 principal security researcher Deral Heiland and Thermo Fisher Scientific lead product security researcher Carlota Bindner.
4 min
IoT
Helpful tools to get started in IoT Assessments
The Internet of Things (IoT) can be a daunting field to get into. With many different tools and products available on the market it can be confusing to even know where to start.
3 min
IoT
Privacy, Security, and Connected Devices: Key Takeaways From CES 2024
The topic of data privacy has become so relevant in our age of smart technology.
With everything becoming connected, including our homes, workplaces, cities, and
even our cars, those who develop this technology are obligated to identify
consumers' expectations for privacy and then find the best ways to meet those
expectations. This of course includes determining how to best secure the data
with which these technologies interact. As you can imagine, accomplishing these
requirements is no easy fea
6 min
IoT
Genie Aladdin Connect Retrofit Garage Door Opener: Multiple Vulnerabilities
Rapid7, Inc. (Rapid7) discovered vulnerabilities in Aladdin Connect retrofit kit garage door opener and Android mobile application produced by Genie.
1 min
IoT
There’s One Last Gift Under the Tree, It’s Hands-On IoT!
It’s the holiday season and since we’re in a giving mood we thought we’d surprise our loyal readers with a fun, hands-on hardware exercise to enjoy during some well-earned downtime.
3 min
IoT
Is That Smart Home Technology Secure? Here’s How You Can Find Out.
I can’t tell you which solution will work for your specific case, but I can give you some pointers around technology security.
2 min
IoT
Understanding the Ecosystem of Smart Cities for the Purpose of Security Testing
A look at the various components that make up Smart Cities with the goal of having a model to help better understand the various security concerns as we plan for our Smart City future.
2 min
IoT
Get your head in the cloud(s)
Many organizations are in the midst of adopting the cloud faster than ever before; it’s arguably mission critical for their success and longevity.
5 min
IoT
Hands-On IoT Hacking: Rapid7 at DEF CON 30 IoT Village, Pt. 4
Welcome back to our blog series on Rapid7's IoT Village exercise from DEF CON 30. In this post, we'll cover how to gain root access over the device's secure shell protocol (SSH).
6 min
IoT
Hands-On IoT Hacking: Rapid7 at DEF CON 30 IoT Village, Pt. 3
Welcome back to our blog series on Rapid7's IoT Village exercise from DEF CON 30. In this post, we'll cover how to modify the data we've extracted.
5 min
IoT
Hands-On IoT Hacking: Rapid7 at DEF CON 30 IoT Village, Pt. 2
Welcome back to our blog series on Rapid7's IoT Village exercise from DEF CON 30. Last week, we covered the basics of the exercise and achieving access to flash memory. In this post, we'll cover how to extract partition data.
5 min
IoT
Hands-On IoT Hacking: Rapid7 at DEF CON 30 IoT Village, Part 1
Rapid7 returned to DEF CON 30 and participated at the IoT Village with another hands-on hardware hacking exercise.
2 min
IoT
Addressing the Evolving Attack Surface Part 1: Modern Challenges
In this webcast, Cindy Stanton highlights where the industry started from traditional vulnerability management which focused on infrastructure but evolved significantly over the last couple of years.