GRIMM purchased a GeoVision camera that arrived off-the-shelf with security vulnerabilities like most consumer IOT devices. The camera is a stand-in for any IOT device in a residential, industrial, or enterprise environment. The team demonstrated through a practical hands-on-exercise at HackNYC, RSA, Hack the Capitol, and multiple BSides where participants learn how to use a publically available exploit to compromise an emulated home network. The team modeled the design and configuration of the hands-on-exercise from a traditional use case:
GRIMM has been a long time advocate of building Connected and Automated Vehicles (CAV) with a security-by-design approach. We advance our automotive and aerospace clients’ cybersecurity posture for all forms of embedded security concerns. For example, for the past several years, GRIMM has been a co-sponsor and staple at theSANS Automotive conference - a one-stop shop for bringing the automotive sector, including manufacturers as well as vendors, and the security industry together to discuss the complexities of securing citizens in commercial and personal vehicles.
GRIMM and SCYTHE are packing our bags and heading to the RSA Conference. We have a busy week planned and are excited to see new and familiar faces. We would be happy to connect one-on-one to talk about the ways your organization can benefit from CROSSBOW. Our teams will be in full force - here are a few places you will find us throughout the week: Mayhem at the Mint Join SCYTHE and Bugcrowd at the historic SF Mint for an evening of luxurious InfoSec networking and partying.
Heading into the summer hacker conferences can be overwhelming. Demonstrations, panels and talks across multiple events events as in sames week - DEFCON 25, Black Hat 2017, BSidesLV - combined with all the parties (and meetings) made for an action packed week! With our social calendar full and our demonstrations in tow, the GRIMM team found itself in the spotlight while showcasing some of the most innovative cybersecurity research and intelligence on connected vehicles, IoT, smart homes, smart grids and ICS security up and down the Vegas Strip.
“Howdy Neighbor” is GRIMM’s Internet of Things (IoT) Capture the Flag (CTF)-like challenge. As smart devices become ubiquitous within the common household, so are threats to these devices. For example, last year, it was reported that researchers could use a smart lightbulb network vulnerability to attack an entire city. Howdy Neighbor is a model smart house that simulates how multiple interactive “smart” home products, including webcams, smoke detectors, power meters, HVAC systems, smart ovens and refrigerators, video game consoles, smart TVs, toasters, coffee makers, locks, and light bulbs (etc.
“3PO” is GRIMM’s mobile car hacking lab. Since nearly every modern car is Internet-connected, you no longer need physical access to break out of, or break into a vehicle. Hackers prove vehicles are not only insecure from a cybersecurity perspective, but because of that, also unsafe. From controlling the steering, accelerating, braking, and communications, this presents an extremely large attack surface. As automotive original equipment manufactures (OEM) and their Tier 1 direct suppliers have become more aware of the threat, their need for end-to-end hardware and software vulnerability assessments has grown.