Rapid7 Blog

Deral Heiland  

AUTHOR STATS:

31

Extracting Firmware from Microcontrollers' Onboard Flash Memory, Part 2: Nordic RF Microcontrollers

In this blog, we will conduct another firmware extraction exercise dealing with the Nordic RF microcontroller (nRF51822).…

Extracting Firmware from Microcontrollers' Onboard Flash Memory, Part 1: Atmel Microcontrollers

As part of our ongoing discussion of hardware hacking for security professionals, this blog covers the Atmel Atmega2561 microcontroller.…

[IoT Security] Introduction to Embedded Hardware Hacking

Many security professionals and researchers are intrigued by the idea of opening up and exploring embedded technologies but aren’t sure where to start.…

Smart Sensors: A Look at Beacon Security

After working on a smart city project, I wanted to share some of my learnings about beacon technology and how to evaluate its security.…

Once a Haxer, Always a Haxor

Like most hackers, I liked to take apart my holiday gifts as a kid. In this blog, I take apart Amazon's voice-controlled microwave oven to see how it works.…

Top Tactics for Researching IoT Technology Security This Holiday Season

As the holiday shopping season kicks off on Black Friday, here's what consumers should do to protect themselves when purchasing and using IoT technology.…

Why It’s Critical to Test the Failure State of IoT Products

When considering or testing the security posture of an IoT product’s ecosystem, it is important to take into account how that product handles failure conditions.…

National Cybersecurity Awareness Month: Manage Your Risk at Home with Simple Tweaks to Your Voice-Controlled Devices

Voice-controlled devices can help handle countless tasks in your home, but they still come with some risk. Use these tactics to boost their security.…

Lessons and Takeaways from CTIA’s Recently Released IoT Security Certification Program

The CTIA recently announced a new cybersecurity certification program for cellular- and Wi-Fi-connected IoT devices. Here is my high-level overview of this program.…

Security Impact of Easily Accessible UART on IoT Technology

When it comes to securing IoT devices, it’s important to know that Universal Asynchronous Receiver Transmitter (UART) ports are often the keys to the kingdom for device analysis when you have physical access. For example, as part of ongoing security research and testing projects…

Smart Sensors: Our Bold New World

Over the last several months I have been surveying our bold new world of smart sensor technology. It is absolutely amazing how advances in this area over the last decade have led to technology that affects our day-to-day lives on a large scale. For example:…

The Term Internet of Things (IoT) Should Change

I have been the IoT Research Lead at Rapid7 for nearly two years. During those two years, we’ve seen the industry struggle to define IoT. Many organizations are still thinking of IoT as simple consumer toys that do not impact them, but that is…

ROCA: Vulnerable RSA Key Generation

In the KRACK-related and BadRabbit-related chaos of the past week and a half, some people missed a less flashy vulnerability that nevertheless dug up key long-term questions on IoT supply chains and embedded technology. The Czech-based Center for Research on Cryptography and Security published research…

IoT Mobile Application Credential Encryption

Rapid7 IoT Research Lead Deral Heiland offers several of his takeaways from testing IoT mobile applications.…

In Fear of IoT Security

I wish I had a dime for every time I have heard someone say “With so many vulnerabilities being reported in the Internet of Things, I just don't trust that technology, so I avoid using any of it." I am left scratching my head…