Major Vulnerabilities in Foscam Cameras

For the past several months, VDOO’s security research teams have been undertaking broad-scale security research of leading IoT products, from the fields of safety and security. In most cases, the research was carried out together with the device vendors for the sake of efficiency and transparency.

As part of this research, VDOO researchers found zero-day vulnerabilities in devices of several vendors. These vulnerabilities were disclosed to the vendors, in accordance with responsible disclosure best practices, and will be shared gradually after the disclosure periods are concluded.


Behind the research glass – an insight into our approach

Here at VDOO, it is our long-term mission to continuously assess and improve the security of the connected devices that are rapidly surrounding us. The only real way to succeed in this mission is by utilizing a critical and methodical approach and technologies to inspect all the different layers of a modern embedded and connected device – its application layer, protocols, operating system, hardware, controllers, gateways and backend connectivity.


5 Initial Steps to Mitigate Security Threats in Consumer IoT Products

The major botnet variants seen over the last few years have been enabled primarily by a lack of basic security engineering practices applied to consumer IoT devices. BASHLITE, Mirai, Remaiten and Linux.Darlloz all relied at least partially on dictionary attacks that took advantage of well-known default username/password combinations to compromise devices.


IoT Security Foundations: Authentication on the Internet of Things

This article is part two of the IoT Security Foundations series. In this post we will introduce authentication, its pitfalls, and what makes it interesting in the Internet of Things. This article focuses on password authentication mechanisms, the most common ways they get broken, and the right measures that IoT makers can take to achieve a high level of security. There are other advanced authentication methods that can be more secure or more efficient than password authentication under specific scenarios, but we will leave the details of those for a later article in this series.


Why did we start VDOO? An introduction by VDOO’s founders

VDOO Founders

It may be just a few short months since we founded VDOO, but it has been over a decade since we started innovating in cyber security, back in the days when it was simply ‘information security’. We started with compliance automation and network-node security certification, through computer forensics and incident response, and in the last few years we have been dealing with endpoint security against targeted attacks and integration of gateway solutions. Our goal has always been to stay one step ahead of the attackers, and ahead of the market. Sometimes we managed, sometimes we didn’t.


Who’s in charge? The written and unwritten contracts between the consumer, the manufacturer and the state

When you purchase an electronic device, how do you know it will work? How can you be sure that it will not harm your environment or even your safety? How can you know that the device will not be used as a means of espionage?
