Error Code

This is the story of Zhadnost, of how an IoT-based botnet was conscripted into an online war in the days immediately before the kinetic Ukraine invasion. Ryan Slaney of SecurityScorecard walks us through the timeline of these attacks and the evidence of attribution he found linking it to Russia’s GRU.

What if a vulnerability exists in popular ICS devices, yet the only fix is to re-issue the hardware? This is true with some embedded security flaws. Ang Cui, founder and CEO of Red Balloon Security, talks about his company’s discovery of CVE-2022-38773, which affects the secure boot process in Siemens S7 1500 PLCs, and what the mitigations for devices using that might look like.

IoT can make patient care easier.. But how do we introduce new IoT medical devices into an ecosystem where we can’t even keep tabs on our legacy devices? Mohammad Waqas discusses conversations he’s had with hospitals about the device profiles they don’t necessarily know about – the over-the-counter glucose monitor app on an iPad that hasn’t gone through IT provisioning - and what they can do about it.

The Vastaamo data breach stands as one of the most heinous of internet crimes because of the 30,000 psychiatric records that were exposed and the lives it ruined. Antti Kurittu discusses his presentation at SecTor 2022, what we know thus far from the public record, and the news of the Finnish arrest warrant for the individual only previously known as “Ransomware_Man”. 

IoT and Machine Learning can help farmers provide more food with fewer resources, so long as the devices in the field and the backend systems are secure. Seth Hardy, co-founder and CTO of Bug Mars, a precision agtech company for insect farms, discusses his SecTor 2022 presentation, drawing upon his more than 20 years of security experience in his new role in sustainable food production.

Quantum computing will make great advances in science; it will also have the ability to decrypt banking, healthcare, and other industries' stolen data. Skip Sanzeri of QuSecure explains how quantum computing is advancing rapidly, how it has the power to crack RSA 2048 and other encryption that we know take for granted today, and why his and other companies are talking about our post-quantum encryption world today. Dn3NZumn4pPpnVhpt6GH

This is the history of hardware hacking and the story of Joe Grand. From testifying before Congress to creating badgelife at DEF CON, Joe has done it all. And he’s darn humble about it, too. Joe just wants to share through his classes, website, and YouTube channel all that he’s learned since his days with the L0pht, the tools he’s created, and the work he’s currently doing with Right to Repair. He just wants to make the art of hardware hacking more accessible to others. 
 

What happens now to the digital test environment built for Hack-A-Sat 3? Well, it becomes a rich testing and training environment for all on GitHub. Login Finch and Frank Pound continue sharing some of the behind-the-scenes challenges presented by hosting a Hack-A-Sat capture the flag competition, this time drilling down details behind the Digital Twins environment that needed to be built in advance of next year’s hack of an actual satellite in orbit.

Satellites today lack basic security controls. With as little as $300, you, too, can hack into commercial satellites. So that’s an emerging IoT problem. 
Frank Pound and Login Finch share in this episode their work with Hack-A-Sat. It’s a unique Capture the Flag challenge that’s never been tried before. Here’s the background story of how the project got started … and where it’s going.

Error Code is a biweekly narrative podcast that provides you both context and conversation with some of the best minds working today toward code reliance and dependability. Work that can lead to autonomous vehicles and smart cities. It's your window in the research solving tomorrow's code problems today