HOME    ABOUT    NEWS    SERVICES    PRINCIPLES    KNOWLEDGE    CAREERS    CONTACT
HTTPS Vulnerabilities
ISE identified 21 (70% of sites tested) financial, healthcare, insurance and utility account sites that failed to forbid browsers from storing cached content on disk, and as a result, after visiting these sites, unencrypted sensitive content is left behind on end-users' machines.
Exploiting SOHO Routers
ISE researchers discovered critical security vulnerabilities in numerous small office/home office (SOHO) routers and wireless access points. These vulnerabilities allow a remote attacker to take full control of the router's configuration settings; some allow a local attacker to bypass authentication directly and take control. This control allows an attacker to intercept and modify network traffic as it enters and leaves the network.
Exploiting Android
Analysts at ISE have identified and exploited a security vulnerability in the Android operating system allowing a remote adversary to gain control on the device with the same permissions as the web browser application. A successful attacker will have access to information such as cookies used for accessing sites, information put into web application form fields, and saved passwords, and can alter the way in which the browser works, potentially tricking the user into entering sensitive information.
Exploiting Age of Conan
ISE and outside researchers discovered an exploit for Second Life that grants control of one character to a malicious character. This allows the adversary to perform actions that may have real-world consequences such as stealing the in-game currency known as Linden dollars, or controlling the player's machine.
Exploiting SecondLife
ISE and outside researchers discovered an exploit for Second Life that grants control of one character to a malicious character. This allows the adversary to perform actions that may have real-world consequences such as stealing the in-game currency known as Linden dollars, or controlling the player's machine.
Exploiting the iPhone
ISE security researchers successfully discovered a vulnerability in the iPhone, developed a toolchain for working with the iPhone's architecture (which also includes some tools from the #iphone-dev community), and created a proof-of-concept exploit capable of delivering files from the user's iPhone to a remote attacker.
Exploiting RFID Immobilizers
The Texas Instruments DST tag is a cryptographically enabled RFID transponder used in several wide-scale systems including vehicle immobilizers and the ExxonMobil SpeedPass system. This page serves as an overview of our successful attacks on DST enabled systems.
Case Studies
Papers/Publications
Presentations
Contact us
 

Copyright 2005-2013 Independent Security Evaluators, LLC. All rights reserved.