In our spare time, we like to hunt for bugs in various pieces of software. To help teach people this skill, we decided to write up our analysis on some of the crashes we find. The goal is to help people learn how to debug, analyze the problem, determine why it’s happening, and what the impact is. For example, is this just something which will cause the software to crash and merely cause a brief denial of service, or is this a vulnerability which can be exploited to take complete control over the computer?
“Howdy Neighbor” is GRIMM’s Internet of Things (IoT) Capture the Flag (CTF)-like challenge. As smart devices become ubiquitous within the common household, so are threats to these devices. For example, last year, it was reported that researchers could use a smart lightbulb network vulnerability to attack an entire city. Howdy Neighbor is a model smart house that simulates how multiple interactive “smart” home products, including webcams, smoke detectors, power meters, HVAC systems, smart ovens and refrigerators, video game consoles, smart TVs, toasters, coffee makers, locks, and light bulbs (etc.
“3PO” is GRIMM’s mobile car hacking lab. Since nearly every modern car is Internet-connected, you no longer need physical access to break out of, or break into a vehicle. Hackers prove vehicles are not only insecure from a cybersecurity perspective, but because of that, also unsafe. From controlling the steering, accelerating, braking, and communications, this presents an extremely large attack surface. As automotive original equipment manufactures (OEM) and their Tier 1 direct suppliers have become more aware of the threat, their need for end-to-end hardware and software vulnerability assessments has grown.
GRIMM is excited to announce that Lisa Wiswell, Principal for Security Consulting, was selected as a Young AFCEA 40 Under 40 winner for 2017. The Young AFCEA 40 Under 40 Award is given to 40 individuals, 40 or under, recognizing their significant contributions in technical STEM fields by providing innovation, thought leadership and support to military and government technology communities. Lisa joined GRIMM’s leadership team earlier this year as a Principal in support of GRIMM’s commercial and government clients.