Assessing the security and privacy of Vaccine Passports

There has been a lot of development lately in the field of health credentials, especially in the field of vaccine credentials. This has largely been driven by a perceived need to track and validate an individual's vaccination status with respect to COVID-19. This post attempts to explore the security and privacy concerns related with vaccine … Continue reading Assessing the security and privacy of Vaccine Passports

Practical Considerations of Right-to-Repair Legislation

Background For some time there has been a growing movement amongst consumers who wish to repair their own devices in a cost effective manner, motivated to reduce their expenses, and reduce e-waste. This is becoming ever more difficult to achieve as devices reach ever higher levels of complexity, and include more electronics and firmware. The … Continue reading Practical Considerations of Right-to-Repair Legislation

Tool Release – Solitude: A privacy analysis tool

Created by Dan Hastings and Emanuel Flores Solitude is an open source privacy analysis tool that enables you to conduct your own privacy investigations into where your private data goes once it leaves your web browser or mobile device. Whether a curious novice or a more advanced researcher, Solitude makes the process of evaluating an … Continue reading Tool Release – Solitude: A privacy analysis tool

Domestic IoT Nightmares: Smart Doorbells

Preface Half way through 2020, UK independent consumer champion Which? magazine reached out to us and asked if we could assist investigating the security of a series of domestic IoT devices and to perform a vulnerability assessment of each device. The assessments included smart plugs and smart/connected doorbells. We also worked on a number of … Continue reading Domestic IoT Nightmares: Smart Doorbells

Compromising a Hospital Network for £118 (Plus Postage & Packaging)

TL; DR We bought a medical infusion pump device from eBay and from it, forensically retrieved the WPA key and server authentication credentials for a real-world hospital’s wireless network and medical pump management server. In the wrong hands, such capability could be life-threatening given the level of network-based access this information would present to attackers … Continue reading Compromising a Hospital Network for £118 (Plus Postage & Packaging)