The German government-issued identity card (nPA) allows German citizens to prove their identity not only in person, but also to online services (by using the embedded RFID chip). SEC Consult conducted a short security test on a software component commonly used to implement this authentication mechanism.
All devices from Xiongmai, a Chinese OEM that manufactures white-label video surveillance equipment, come with an always-on cloud feature called XMEye P2P cloud. This feature contains serious vulnerabilities that allow attacks on millions of devices, even ones that are behind firewalls.
SEC Consult, CyberTrap and IoT Inspector showcased their consulting services around information security, ranging from penetration testing, source code review, red teaming, and ISO27001 ISMS implementation to security awareness training by the SEC Academy.
Google CTF is a hacking competition in the style of Capture-the-Flag, which has been going on for many years. Here are a few inputs on how to master it.
Time is money and money obviously is what keeps a company running. Up until the very moment it doesn’t: product releases get postponed, stakeholders leave and so does your window of opportunity to conquer the market. If you can’t think of a way to fix it, it is time to start over.
Some time ago, a case about a hacked baby monitor made the news in the US. A mother claimed someone had taken control over the device and surveilled her baby. SEC Consult investigated the issue at a technical level.
In this blog post, René Freingruber (@ReneFreingruber) from the SEC Consult Vulnerability Lab shares different filesystem tricks that were collected over the last years from various blog posts or found by himself.