Compass Security Blog

Offensive Defense

The Good Old DNS Rebinding

A post on how to trick browsers to work as a gateway to internal web servers and IoT devices, the concepts behind and how to easily exploit DNS rebinding using the Singularity of Origin framework.

Continue reading

A Smart Card Odyssey

Black box analysis of a not so smart card in ID-1 form factor that is in use for the billing of washing machines and tumble driers.

Continue reading

enOcean Security

In this post, we are going to take a closer look at the enOcean technology, how security is implemented, and if the security measures and options available are sufficient.

Continue reading

Hardwear.io 2017

Recently our analysts have been spending increasing amounts of time on IoT security. More specifically looking at the Tensilica Xtensa microcontroller architecture, and even more specifically at the Mongoose OS embedded operating system. With some public (CVE-2017-7185), and some not yet disclosed advisories (watch this space for Dobin Rutishauser’s work), we are happy to announce that […]

Continue reading

BlackHat 2017 & DefCon 25

  This year three Compass analysts, Stephan Sekula, Dobin Rutishauser, and Philipp Promeuschel, attended the BlackHat and DefCon

Continue reading

IoT WiFi Module – Dump the Data

The ESP8266 WiFi module from ESPRESSIF is a commonly used, low cost (less than 2 US$) WiFi module that exists in different PCB layouts. Often used for IoT projects and easily programmable using the Arduino IDE or with Mongoose OS and its web based IDE.  The ESP8266 modules are covered with a metal shield. Under the shield is a WiFi/CPU chip, […]

Continue reading

IoT (in)security

IoT devices in the news have been proliferating at an ever-increasing rate. Both hardware manufacturers and news agencies are trying to capture the attention of the general public with the next killer device and/or application combinations. More recent IoT news items included analysis on the Mirai botnet [0] and its effect on the internet as a whole, […]

Continue reading

Making of Compass bIOTech v1.0

The “Internet of Things” (IoT) grows quickly. More and more devices are connected to the Internet to automate tasks and simply life. Fridges automatically order milk, cars are taught to self-drive via a simple update and bridges send live updates about their structural integrity. According to Gartner’s 2016 Tech Trends, IoT will define the shape of tomorrow’s […]

Continue reading