Remote Administration of Connected Devices – Potential Danger Ahead

By Taylor Centers

June 7, 2021

Danger Ahead! Congratulations – you have deployed a new product, device, or server that runs on your customer’s premise. The product development lifecycle, however, does not end at deployment. Support and maintenance are key components of delivering a robust product. When a customer encounters an issue with a deployed device, there are a few options: 1) attempt to coach them through troubleshooting over the phone (or any telecom system), 2) send an expert to be on-site with the customer and the problem device, or 3) create a remote access system in the product that allows your experts to access the device from anywhere at any time.

Continue reading

Hardware Hacking 101: Identifying and Verifying JTAG on a Device

By Sue Mohieldin

May 27, 2021

Introduction Welcome back to our introduction to hardware hacking 101 series and our second installment of our JTAG blog post! In this post we share a teardown of a TP-Link AC1750 to demonstrate how to identify and verify a pinout for JTAG. If you haven’t already, make sure to check out part one of the JTAG post where we provide background on the interface and its characteristics. Hands On Now that we have covered how JTAG works and its interface, let’s take a look at a TP-Link Archer C7 | AC1750 dual band wireless router to demonstrate how to locate and identify the pinout for JTAG.

Continue reading

Hardware Hacking 101: Introduction to JTAG

By Sue Mohieldin

May 6, 2021

Introduction Welcome back to our introduction to hardware hacking series! In this post we will be covering the Joint Test Action Group (JTAG) interface, its state machine, pinout, and electrical characteristics. This is the first part of a multi-part series about JTAG. In this first installment, we provide background and information to get started working with JTAG. In our next post, we will share a teardown of a TP-LINK AC1750 to demonstrate how to identify and verify a pinout for JTAG.

Continue reading

Equitable management of cybersecurity workforce meal-related debts with questionable integrity protections

By Jeff Spielberg

April 1, 2021

Introduction For the modern cybersecurity workforce, there is oftentimes nothing more important than a satisfying meal. While COVID-19 has meant that most employees are working from home, we address some important issues for employees who may be returning to offices soon – and will need satiation. Some offices, including many lab spaces, may have few ideal local lunch options. While a trip to a local artisan food establishment may be a welcome distraction from a long day of reverse engineering, the time spent going back and forth to pick up meals may be considered a distraction to some.

Continue reading

Ninjadiff - open source binary hashing

By Rylan O'Connell

February 23, 2021

A year ago, we released a series of blog posts documenting our research into the world of binary hashing. While we speculated about the efficacy of this technique for binary diffing, our primary goal was to recognize similar code between binaries for the purpose of porting annotations from one analyzed binary to another and many of our design choices reflected this end-goal. Luckily, we’ve been given the opportunity to explore how these hashing techniques could be applied to the world of “bindiffing” through DARPA’s Assured Micropatching (AMP) 1 program.

As part of this ongoing research, we have developed NinjaDiff - an open source binary diffing plugin for BinaryNinja. Throughout this blog post, we will be discussing the underlying algorithms and technical design choices made while designing this tool.

Continue reading

Security Penetration Testing: Why, When, and How?

January 28, 2021

Proactive cybersecurity protections are critical to overall product success due to increasing risk, combined with consumer and enterprise awareness of cyber practices and their impact. River Loop Security works with a wide variety of organizations to secure their products; as a result we have seen the effectiveness proactive security has on their success. One tool that we often draw upon is penetration testing (‘pentest’ for short), or the act of simulating a scenario in which a malicious actor is attempting to penetrate a device or system. From this scenario, we are able to emulate the attacker mindset and see things that are often missed during regular code review or quality assurance, resulting in valuable feedback that can be used to further secure a system. In this post we will be discussing some key advantages penetration tests provide, the differences in testing during various stages of the product lifecycle, along with some of our methodology on how we work with teams to provide the most value during a penetration test.

Continue reading

IEEE PAINE 2020: Decoding & Defending the Trusted Platform Module Against Malicious Hardware Implants

January 11, 2021

River Loop Security’s team members presented at IEEE International Conference on Physical Assurance and Inspection of Electronics (PAINE). The presentation provided a background on hardware implants, secure boot, and background on the Trusted Platform Module (TPM). We then focused on explaining and demonstrating our team’s work developing an TPM interposer and decoder. It concluded in discussing defending agaisnt malicious hardware implants.

Continue reading

Internet of Things Cybersecurity Improvement Act of 2020: What You Need to Know

By Jeff Spielberg

November 25, 2020

On November 17, 2020 the senate passed H.R. 1668, the Internet of Things Cybersecurity Improvement Act of 2020, by unanimous consent. It is expected to be signed into law, making it a major step in describing and enforcing Internet of Things (IoT) cybersecurity.

In short, this bill requires that the National Institute of Standards and Technology (NIST) set standards, guidelines, and best practices for IoT devices that are procured or used by federal agencies. While the scope of the bill is limited to federal contracts (via the Federal Acquisition Regulations (FAR)), we believe it will have far-ranging consequences on the security of IoT and other embedded systems in the future.

Continue reading

Hardware Hacking 101: Glitching into Privileged Shells

By Cristian Vences

October 14, 2020

Introduction Welcome back to our hardware hacking series! We are excited to share the “glitching” techniques we use in our device assessment process. Glitching, or voltage or fault injection, is the process of changing voltage levels in a digital system in a manner that causes disruption of the system under test or corruption of data. If timed correctly, a glitch of even 1 millisecond can cause a system to fail open into a potentially privileged state.

Continue reading

CVE-2020-13995: Details on a Vulnerability in a NITF Parser

By Doug Gastonguay-Goddard

September 24, 2020

While fuzzing a NITF Extract utility extract75 utility published by the US Air Force Sensor Data Management System, we found a global buffer overflow that leads to a write-what-where condition. This flaw has been assigned CVE-2020-13995 and is disclosed in this blog post.

See our Coordinated Vulnerability Disclosure process for more information on how we go about disclosing vulnerabilities we find.

Continue reading