Blog

Home /
Blog

Radio Killed the Radio Stars: Security Analysis of RF Protocols for Industrial Applications

Rf , Embedded , Reverse engineering

After having analyzed the several RF protocols for industrial applications, distributed by global vendors, we discovered that none of them had sufficient security features to prevent an attacker from hijacking the communication and manoeuvre the controlled connected machines.

Large Scale Analysis of Defaced Web Pages

Measurement , Defacement , Machine learning

Given the multiple releases around this topic and project, I’ve decided to put together a summary. So far, there is: a tool, a white paper, an academic paper, and (spoiler alert) another white paper coming soon.

Dnsmasq and CVE-2017-1449*: A Reality Check and Remediation Practices

Cve , Security

Many vulnerabilities in one shot, yet several pre-conditions for a target to be actually exploitable. Here’s simple flowchart to check whether your Dnsmasq deployments are vulnerable.

Robosec: Industrial Robot Security

Industrial , Robotics , Security

Industrial robots are complex cyber-physical systems used for manufacturing, and a critical component of any modern factory. Besides the mechanical arm, inside an industrial robot there are not just electromechanical components but a multitude of complex embedded controllers.

From a Bit-flipping to a Vulnerability in the CAN Standard

Embedded , Automotive , Security

CAN-based protocols are vulnerable to bit-flipping attacks at the link layer. In this collaborative research, Politecnico di Milano’s NECSTLab and Trend Micro’s FTR analyze the protocol in depth and demonstrate the vulnerability on a real car, with PoC and so on.

Prometheus: Automatic signature generation for WebInject-based banking trojan detection

Malware

The goal of this project is to extract signatures that capture the WebInject behavior of trojans. WebInject-based trojans are still the most popular e-crime tool.

The Role of Industrial Routers in Keeping the Future Factory Secure

Embedded , Industrial , Security

Industrial routers play a very crucial role: a single vulnerability can grant the attacker access to an entire network of critical machines. In this research, I’ve looked at how easy it is for a hypothetical attacker to find and enumerate industrial routers, and the security posture of their vendors.

What we Know About Eyepyramid

Malware , Reverse engineering

The day before the EyePyramid case exploded, I received a confidential email with a PDF. It was the scanned copy of the court order for the law enforcement to proceed and arrest the Occhionero brothers. In a few minutes, I noticed that this leaked document was also circulating on various private mailing lists and chat groups I’m part of. At some point, I received a non-redacted copy.

Mobile (Android) Ransomware

Mobile , Malware , Ransomware

I’ve started this project while advising a Master student who was interested in machine learning. As I’ve been using machine learning since around 2006, I was immediately hooked by the idea of using it to determine whether an Android app was trying to lock the target device as part of a ransomware scheme.

Banksealer: Automatic Banking Fraud Detection

Fraud , Malware , Anomaly detection

We started this project because we wanted to analyze banking and credit-card transactions and, with as little knowledge as possible, predict whether new ones are fraudulent or not (e.g., due to a banking trojan working on the victim’s computer, made by a cyber criminal with stolen credentials).