embedded device

Oven Check

Episode 252: Colin O’Flynn On Hacking An Oven To Make It Stop Lying

In this episode of the podcast, host Paul Roberts speaks with Colin O’Flynn, CTO and founder of the firm NewAE about his work to patch shoddy software on his home’s electric oven – and the bigger questions about owners rights to fix, tinker with or replace the software that powers their connected stuff.

Mikko Hyppönen CRO WithSecure

Episode 241: If Its Smart, Its Vulnerable a Conversation with Mikko Hyppönen

We speak with Mikko Hyppönen on the sidelines of the DEF CON Conference in Las Vegas to talk about his new book, “If its Smart it Vulnerable.”

McFury

Episode 215-2: Leave the Gun, Take the McFlurry

In part II of our interview with Jeremy O’Sullivan of the IoT startup Kytch. We hear about how what Kytch revealed about Taylor’s soft ice cream hardware put him at odds with the company and its long-time partner: McDonald’s.

Armis Urgent/11 Vulnerabilities Logo

Critical Flaws in VxWorks affect 200 Million Connected Things

Serious and exploitable security flaws in VxWorks, a commonly used operating system for embedded devices, span 13 years and could leave hundreds of millions* of connected devices vulnerable to remote cyber attacks and hacks. The security firm Armis on Monday published a warning about 11 critical, zero day vulnerabilities in the VxWorks operating system, which is owned and managed by the firm Wind River. The vulnerabilities expose more than 200 million devices and could allow attackers to remotely take control of everything from networked printers and security appliances to industrial and medical devices, according to Ben Seri, the Vice President of Research at Armis. Move over, EternalBlue! At least a couple of the flaws were described as “more serious” than EternalBlue, the Microsoft Windows flaw that powered both the WannaCry and NotPetya malware outbreaks. SCADA and industrial control system devices, healthcare devices like patient monitors and MRI machines, as well […]

Theo from Die Hard

Die Hard is a Movie About Building Automation Insecurity. Discuss.

In this episode of the Security Ledger Podcast (#126): Die Hard has finally been embraced as the bloody, violent, feel-good Christmas movie its always been. But the film, which turns 30 this year, is about more than the power of ordinary guys to stand up to evil. Did you know it’s also a (very) early warning about the dire insecurity of building automation systems? We speak with Ang Cui of the firm Red Balloon Security about the dire risk of cyber attacks on building automation software and company’s work to secure this often-overlooked critical infrastructure.