Quick Cookie Notification

This site uses cookies, including for analytics, personalization, and advertising purposes. For more information or to change your cookie settings, click here.

If you continue to browse this site without changing your cookie settings, you agree to this use.


View Cookie Policy for full details

Rapid7 Blog

IoT  

Top Tactics for Researching IoT Technology Security This Holiday Season

As the holiday shopping season kicks off on Black Friday, here's what consumers should do to protect themselves when purchasing and using IoT technology.…

Top 5 Threats Healthcare Organizations Face and How to Combat Them

Looking to protect your healthcare organization from cyber-threats? Here are the top five threats to look out for and tips on how to outsmart attackers.…

Why It’s Critical to Test the Failure State of IoT Products

When considering or testing the security posture of an IoT product’s ecosystem, it is important to take into account how that product handles failure conditions.…

National Cybersecurity Awareness Month: Manage Your Risk at Home with Simple Tweaks to Your Voice-Controlled Devices

Voice-controlled devices can help handle countless tasks in your home, but they still come with some risk. Use these tactics to boost their security.…

Putting Pen (Tests) to Paper: Lessons and Learnings from Rapid7’s Annual Mega-Hackathon

Rapid7's Mega-Hackathon offers a unique chance to go beyond the data and get a feel for what pen testers are like in their natural habitat.…

Lessons and Takeaways from CTIA’s Recently Released IoT Security Certification Program

The CTIA recently announced a new cybersecurity certification program for cellular- and Wi-Fi-connected IoT devices. Here is my high-level overview of this program.…

Enhancing IoT Security Through Research Partnerships

Securing IoT devices requires a proactive security approach to test both devices and the IoT product ecosystem. To accomplish this, consider setting up a research partnership.…

Communicating IoT Security Update Capability

What is the essential information that manufacturers should communicate to consumers about security updates for Internet of Things (IoT) devices?…

Security Impact of Easily Accessible UART on IoT Technology

When it comes to securing IoT devices, it’s important to know that Universal Asynchronous Receiver Transmitter (UART) ports are often the keys to the kingdom for device analysis when you have physical access. For example, as part of ongoing security research and testing projects…

R7-2017-28: Epson AirPrint XSS (CVE-2018-5550)

The Epson AirPrint web configuration page is vulnerable to a reflected cross-site scripting (XSS) issue in the INPUTT_GEOLOCATION parameter in the web administration console. This issue could be leveraged by an attacker with network access to the web UI to the printer to trick…

Smart Sensors: Our Bold New World

Over the last several months I have been surveying our bold new world of smart sensor technology. It is absolutely amazing how advances in this area over the last decade have led to technology that affects our day-to-day lives on a large scale. For example:…

A Visit From a Printer PoC

The story of a group effort to perform a successful holiday printer hack...translated into rhymed verse for your HaXmas entertainment.…

The Term Internet of Things (IoT) Should Change

I have been the IoT Research Lead at Rapid7 for nearly two years. During those two years, we’ve seen the industry struggle to define IoT. Many organizations are still thinking of IoT as simple consumer toys that do not impact them, but that is…

NCSAM Security Crash Diet, Week 4: IoT

The final week of our 'Security Crash Diet' series for NCSAM explores what the IoT device purchasing process is like for consumers who want to buy IoT with security in mind. Spoiler: It isn't easy.…

ROCA: Vulnerable RSA Key Generation

In the KRACK-related and BadRabbit-related chaos of the past week and a half, some people missed a less flashy vulnerability that nevertheless dug up key long-term questions on IoT supply chains and embedded technology. The Czech-based Center for Research on Cryptography and Security published research…