Checkmarx Security Research Team latest work

We’ve got a lot of new research in our hands but so far only one got disclosed to the public. I’m talking about the LeapFrog LeapPad Ultimate research. It got a few hits on the media (CNET, The Telegraph,  ZDNET, BleepingComputer,  Threatpost, Fortune, …) and I’m very proud of this work specially because it keeps… Continue reading Checkmarx Security Research Team latest work

Popular wireless Logitech mouse vulnerable to keystroke injection

One of the things that keeps me on the security path is the opportunity to learn new things each day. After seing the new update on Bettercap – which supports HID (Human Interface Device) – I decided to read about it – specially on MouseJack keystroke injection attacks. I went throught the affected devices list… Continue reading Popular wireless Logitech mouse vulnerable to keystroke injection

BLE Surfing an Orienteering event

It was 2pm and more than 1500 individuals were getting ready to start an international Orienteering event. To me it was opportunity to test my new BLE tool and at the same time, know more about the number of sports wearable’s people use nowadays – to know what to break next 🙂 So I positioned… Continue reading BLE Surfing an Orienteering event

Checkmarx Security Research Team latest work

In these last couple of weeks Checkmarx Security Research Team disclosed some of our research: Your Lenovo Watch X Is Watching You & Sharing What It Learns Your Smart Scale is Leaking More than Your Weight: Privacy Issues in IoT Android WebView: Are Secure Coding Practices Being Followed? NFCdrip: Data Exfiltration Research in Near Field… Continue reading Checkmarx Security Research Team latest work

Exfiltrate all the things at BSidesLisbon18

Last week BSidesLisbon was legendary. More than 400 attendees, beer, “pastel de nata” and of course – amazing talks. This was my third participation as a speaker and first time co-presenting a talk with my friend and colleague Pedro Umbelino. We worked very hard on this topic during the last year and we wanted to… Continue reading Exfiltrate all the things at BSidesLisbon18

Semana Informática and BSides Lisbon

So I scheduled my last talks for this year. At 31 October, I’ll be at FEUP in Semana Informática to present – Breaking IoT! And for the third time, I’ll have the honor to be at BSides Lisbon on 29th and 30th November giving a talk with my friend and collegue Pedro Umbelino – Exfiltrate… Continue reading Semana Informática and BSides Lisbon

Checkmarx Security Research Team latest work

My team has been working hard and we release more juicy stuff: – Common Security Mistakes when Developing Swift Applications – Part I – Meet NFCdrip – a New Security Concern for Air-Gapped Systems – What’s in Your Website? Lurking Risk from Third-party Resources – How Secure Are the Browser Extensions You Create? Pedro Umbelino… Continue reading Checkmarx Security Research Team latest work

Opening a fingerprint + BLE smartlock – the smart way!

I got my hands on a smartlock that costs around 35€ on Amazon which unlocks using the fingerprint or app (using BLE). In reality I don’t know the brand and model but this is not something that I really care. What I wanted to check was – how hard was breaking this smartlock? After a… Continue reading Opening a fingerprint + BLE smartlock – the smart way!