Senrio News

Our team is regularly making news or interesting announcements, see recent articles, publications, research, or announcements all summarized here.

April 2019

Stephen Ridley weighs in on Oregon House Device Security Bill

“Stephen Ridley, said the Oregon bill is a sensible first step toward improving security. He called it ‘basic hygiene,’ analogous to a requirement that health professionals wash their hands before interacting with patients.

Oregon’s legislation won’t prevent all hacking, … but will address the problems that are easiest to prevent and start a broader conversation about how to secure the emerging technology.

‘A simple series of suggestions like the ones that are in this bill are probably best and constitute good forward momentum.’”

https://www.oregonlive.com/silicon-forest/2019/04/oregon-house-passes-bill-requiring-security-for-online-devices.html

January 2019

Stephen Ridley Included in Tribe of Hackers

Stephen Ridley was included in the new book, Tribe of Hackers, published by Threatcare, which contains cybersecurity advice from the best hackers in the world.

There are already hundreds of thousands of cybersecurity professionals and, according to some sources, there is a shortage of several more hundreds of thousands. Tribe of Hackers wants to change that.

October 2018

Risky Business #516: Stephen Ridley on Risky Business Podcast Discussing Hardware Supply Chains

It was a pleasure to be on Risky Business, this time discussing the challenges of facing hardware supply chain security. Listen to the podcast here.

September 2018

The Parallax on Medical Device Security

VP of Research M Carlton quoted on the threats to medical device security in The Parallax.

Read the article here

August 2018

Senrio integrates with Carbon Black to solve problems in connected device awareness and visibility

Every device connected to a network is a potential weak point – even if the role that device plays seems minor under ordinary circumstances. Together, Carbon Black and Senrio provide comprehensive awareness and visibility into all connected devices, helping to ensure that you know exactly what makes up your enterprise.

​Click here for more details.

June 2018

VP of Research at LiveWorx 2018

VP of R&D M. Carlton will be discussing lateral attacks between networked embedded devices using real-world examples in popular devices at the LiveWorx event in Boston.

Click here for more details of the event.

May 2018

Senrio Announces “Discovery”

Today we announced “Discovery” a desktop app that uses a small piece of the Senrio Insight cloud to help firms build searchable inventories from raw network packet captures. The tool is also free to try

Read a full blogpost about it here, or jump directly to the product page (http://iot.security/senrio-discovery) to learn more and get started!

April 2018

First Public Demo of Data Breach via IoT Hack Comes to RSAC

At the 2018 RSA Conference VP of Research M. Carlton and CTO Stephen Ridley demonstrated for the first time publicly an IoT hack that resulted in a breach of personally identifiable information. At the IoT Village our talk ”Lateral Attacks between Connected Devices in Action” showed how a relatively unskilled attacker could compromise enterprise security without ever triggering an alert from traditional end-point or network security protections. 

Read the full article at Dark Reading

March 2018

Senrio Integrates with Slack!

We announced today that in addition to existing integrations with Splunk, RSA, SEIMs, all major firewalls, and familiar dashboards, Senrio Insight users can access Senrio data directly from Slack!

Read the blogpost to watch a video of it in action.

Our “IoT Hacking” BlackHat 2018 Training Sold Out!

Our hardware/firmware/IoT hacking training is consistently one of a handful of trainings to sell out in the first few weeks at Black Hat for the 7th year in a row!

January 2018

RSA Partners with Senrio to Bring Visibility to the Blind spot of IOT Devices

“The integration of Senrio Insight with RSA NetWitness provides Security Administrators with a single pane of glass to monitor network activity and respond quickly to anomalies in your network.” 
  – RSA

RSA publication here: https://community.rsa.com/docs/DOC-85513
Full text of the Press release is here.

December 2017

Our VP of Research at Embedded Systems Conference 2017

**Six Degrees of IoT: Lateral Attacks Between Networked Devices

​**This talk explores the lateral attacks between networked embedded devices using real-world examples in popular devices. We live in a world heavily reliant on the devices that power our homes, hospitals, and critical infrastructure. These devices are connected in ways we never imagined. We know that IoT is ubiquitous and often insecure, but we haven’t yet grasped the full scope of how connected we really are, and how vulnerable that makes us. By changing how we view these essential devices, we can secure the future of our infrastructure and hospitals. 

Click here for more details of the event…

CTO and Founder of Senrio Live at #nullconchat

An exclusive Q&A with Stephen A. Ridley, CTO, and founder of Senrio on Decoding IoT Security at #nullconchat.

November 2017

Senrio’s Devil’s Ivy Vulnerability, Much Like it’s Namesake, Not Likely to Go Away Easily

Earlier this year, the IoT-focused security firm Senrio discovered a hackable flaw called Devil’s Ivy, which has the potential to put thousands of different models of security cameras at risk. The vulnerability is found in a piece of open source code called gSOAP, created and maintained by a small company named Genivia. At least 30 companies use gSOAP in their IoT products.

Read the full article…

Senrio at the American Water Summit 2017

Our founder and CTO Stephen Ridley asks the question: Can We Make the IoT Safe for Water? Find out the answer by attending the American Water Summit in Austin Nov 29-30. 

CTO of Senrio interview by Adobe CSO Brad Arkin

Adobe CSO Brad Arkin moderates a neat series of interviews with industry leaders. We were honored to have Mr. Arkin interview our CTO, Stephen Ridley about the security of devices of all kinds…and to discuss how the IoT security challenges (in particular) are merely a manifestation of traditional Application Security challenges.

VP of Research M. Carlton in the Boston Globe

If hackers attacked the hospital

NETWORKED “SMART” devices are poised to revolutionize health care, from infusion pumps that provide essential safety checks for the medications they deliver to multimillion-dollar robots that allow for more precise surgery and Bluetooth-connected pacemakers…

Read the article…

Senrio “Cover Feature” in ISC2 Magazine

CTO Stephen Ridley graced the cover of this month’s ISC2 magazine and was interviewed about threats to the Internet of Things. ISC2 is the organization responsible for cybersecurity industry standard certifications like the CISSP.

Read the full article (account required).

Senrio CTO Stephen Ridley on Malicious WhatsApp App

More than one million people were tricked into downloading a fake Android app that was pretending to be WhatsApp. Our founder and CTO commented to Vice:

“These things are not getting enough scrutiny […] why wouldn’t an app that has a huge number of downloads receive a little additional security scrutiny,” […]

Stephen is one of the co-authors of the Android Hacker’s Handbook.

VP of R&D M. Carlton’s Article in Stat Magazine

Networked “smart” devices are poised to revolutionize health care, from infusion pumps that provide essential safety checks for the medications they deliver to multimillion-dollar robots that allow for more precise surgery and Bluetooth-connected pacemakers. But with these new opportunities come new risks — especially in a vulnerable setting such as a hospital.

Read More

October 2017

Senrio CTO Stephen Ridley at ICS Cybersecurity Conference

In addition to leading class on a shortened version of our perennially popular hardware exploitation class, Stephen Ridley spoke about The Insecurity of the Internet of Things - highlighting our research on Devil’s Ivy - at the annual Industrial Control System Cybersecurity Conferencein Atlanta. 

September 2017

Founder and CTO of Senrio on The Insecurity of Industrial Things

In this talk we will share real-world vulnerabilities in industrial control environments and discuss why these insecure design patterns exist, including business drivers and technology factors. We will share stories and anecdotes based on 10 years of research, training and consulting. Attendees will get an inside view into how attackers operate and walk away knowing what to look for when future-proofing our industrial control systems.

Click here for more details…

August 2017

Senrio the Exclusive Monitoring Solution of the IoT Village!

Defcon 2017 has come and gone, but Senrio was honored to support the fantastic IoT Village event this year. this year over 86 teams participated in the competition with hundreds of people watching lectures and participating in Q&A sessions. Our hat is off to ISE for yet another fantastic run of this event. In addition to our usual sponsorship support, Senrio also donated its flagship product Senrio Insight for use by the conference organizers to help them:

  • Detect attacks on all the IoT devices used in the Capture-The-Flag (CTF)  IoT hacking competition
  • Passively identify devices connected to the CTF network (participants and devices)
  • Debug networking issues
  • Provide network forensics 

We have a Twitter Moment capturing some of the tweets during the event. But we also have some fantastic photos to share in a large gallery within the next few days. We’ll announce it via twitter here.

Update: The full gallery of our photos from IoT Village 2017 is viewable here. Enjoy!

July 2017

ZDNet Coverage of Senrio’s Devil’s Ivy Vulnerability

Read the full article at ZDNet.

Millions of IoT devices are vulnerable to widespread bug

Researchers have found that security cameras using an open-source code called gSOAP could be easily hacked and that attackers can send commands remotely. This allowed the researchers at Senrio, a security firm focused on the internet of things, to take over a video feed, pause the recording and turn the camera off.

Read more at CNET

Zero-Day Exploit Surfaces that May Affect Millions of IoT Users

Senrio, which made the discovery when researching Axis security cameras, found the flaw in the communications layer of gSOAP, an XML web services development tool. gSOAP allows devices to communicate with the Internet.

Read more at Dark Reading

Vice Reporting on Senrio Devil’s Ivy Vulnerability

“We basically have complete control of the camera as if it was our own computer,” said Stephen Ridley, founder of security startup Senrio in a phone call with Motherboard.

Read the full article at Vice.

COO, Michael Tanji in Wired report on Senrio IoT Vulnerability Research

Read the full article at Wired.

Brian Krebs: Experts in Lather Over ‘gSOAP’ Security Flaw

Axis Communications — a maker of high-end security cameras whose devices can be found in many high-security areas — recently patched a dangerous coding flaw in virtually all of its products that an attacker could use to remotely seize control over or crash the devices.

The problem wasn’t specific to Axis, which seems to have reacted far more quickly than competitors to quash the bug. Rather, the vulnerability resides in open-source, third-party computer code that has been used in countless products and technologies (including a great many security cameras), meaning it may be some time before most vulnerable vendors ship out a fix — and even longer before users install it.

Still, there are almost certainly dozens of other companies that use the vulnerable gSOAP code library and haven’t (or won’t) issue updates to fix this flaw, says Stephen Ridley, chief technology officer and founder of Senrio — the security company that discovered and reported the bug. What’s more, because the vulnerable code is embedded within device firmware (the built-in software that powers hardware), there is no easy way for end users to tell if the firmware is affected without word one way or the other from the device maker.

Read the full article

The Sixth Year in a Row Our Trainings Sell Out at Black Hat

If you want to learn how to reverse engineer or exploit embedded systems and mobile devices, we can show you!

June 2017

Senrio Voted a “Must-See” Innovation at MD&M East!

Senrio was voted one of eleven MUST SEE innovations at MDM, the world’s largest Medical Device Manufacturers’ tradeshow! ​​

April 2017

Senrio: From IoT Security Research to IoT Security Product

​We were fortunate enough to talk with the venerable Infosec journalist Patrick Gray on his fantastic podcast “Risky Business”.  Hear why we shifted from offensive IoT security research to product. This is really our first public share of how our stuff works!

​You can link to it here: https://risky.biz/soapbox2/

March 2017

Senrio Listed as “Company to Watch in 2017”

Senrio Inc listed in CyberSecurity Ventures’ “Companies to Watch in 2017” list. The list tracks companies from all over the world based on several criteria which you can read about on their site

Senrio mentioned in Forbes article, 6 Hot IoT Security Technologies.

​IoT security analytics will increasingly be required to detect IoT-specific attacks and intrusions that are not identified by traditional network security solutions such as firecalls.

Read the full article… 

DuoSec Gives Our CTO a Shoutout!

CEO venerable of the DuoSecurity, Dug Song wrote a poignant blogpost honoring Black History Month. If you are unfamiliar with DuoSecurity, they are a information security startup rocketship providing Two-Factor Authentication and unprecedented security tools to enterprises worldwide.  It was quite nice to have our CTO listed alongside some incredible security icons. Thanks for including us. You can read that blogpost here:
https://duo.com/blog/honoring-black-history-month-in-cybersecurity

February 2017

DtSR Episode 230 - The IoT You Got for Christmas

On this Down the Security Rabbithole podcast we’re joined by Stephen A. Ridley & Jamison Utter for a discussion on the finer points of Internet of Things (IoT) security … or complete lack thereof. If you own gadgets that are ‘connected’ or you are ever around them (hint: you’re surrounded by things that pull IP addresses right now) then you need to listen to this podcast. Some great discussion in what was the very first podcast we recorded in 2017.

Listen here.

January 2017

FTC Files Lawsuit Against D-Link for Router and Camera Security Flaws

The FTC has filed a lawsuit against D-Link for failing to protect its customers against ‘well known and easily preventable software security flaws’ in its routers and IoT cameras.

Full Article

In a Post-Mirai world, The FTC Wants More Secure Routers from D-Link

The Federal Trade Commission filed a lawsuit against D-Link and experts said the move was likely to push more secure routers in the wake of the Mirai botnet attacks.

Full Article

Podcast: Can We Make CES Secure Again?

In-brief: With CES going on in Las Vegas, The Security Ledger sat down with three experts from the firm Senrio to talk about the new generation of connected consumer electronics. How vulnerable are they to attack? What is the best way to address security and privacy concerns in them? 

​How insecure are products like broadband routers and smart surveillance cameras? The Security Ledger sat down with three experts from the firm Senrio to discuss the matter.

Today, security is little more than a cost center for companies developing new, connected products. Building in security features, like a hardware security model or more robust application security and identity management features, adds to the complexity of the development process and the time needed to complete a product. On the other side of the ledger, however, there is little to compel smart device makers from expending that time and effort.

“(The FTC) is changing the cost benefit ratio of having security in products,” said Ridley. “Up to now, there has been no reason to have any security, so the stuff you’ve seen was more altruistic in nature.” The FTC’s suit against D-Link will give vendors pause, he said. “They have to ask: do we spend x on security now if we can avoid paying x-squared in the cost of litigation and class action suits,” Ridley said.

Listen to the Podcast here. ​

New Year’s Resolutions for IT Security Executives and the Cybersecurity Threats Facing Businesses in 2017

Stephen Ridley, Founder and CTO, Senrio​Published via distil Networks ​

What is one resolution every IT security executive should make for the coming year?
“DATA, DATA, DATA. Effective Information Security departments these days are less about cool tech for IR, detection, policy, and orchestration. We have a wealth of those for traditional endpoints/networks. What we now see is that Information Security (like the rest of technology) is that we need to be better about storing and utilizing data (and in an actionable time-frame). The largest transportation networks own no cars. The largest search engines and social media sites generate no content. It’s all about data management. Security is now no different. Solutions that don’t speak to how data is stored, searched, parsed, and effectively plugged into your existing architecture need to be ignored. Security products need to provide operational value now. We’ve evolved past the ‘how’ and now need to focus on the ‘why.’ Security solutions have the burden of bringing more to the enterprise than just security.

What’s the biggest cybersecurity threat facing companies in 2017?
“VISIBILITY, VISIBILITY, VISIBILITY. Networks have grown more diverse and now include more than just servers and endpoints that an agent can be installed into for policy, management, and enforcement. Gartner predicts that by 2020, over 15% of all network intrusions will leverage embedded devices. These devices are (from a CISO’s perspective) impossible to ‘get into.’ So how do you make sure these devices aren’t compromising your network security posture? Look for solutions that speak to this. This burgeoning blind-spot is symptomatic of the CURRENT ‘visibility’ problem. How can you cheaply and efficiently get visibility into the behavior of assets on your network without incurring the cost of archiving terabytes worth of pcaps? Visibility is king. And at the heart of the visibility problem is the DATA problem. The deluge of alerts. The overloaded SIEM. The ‘analysis paralysis’ of your Operations/Security team. Look clever solutions to the data/visibility problem that are tractable and accessible.”

Full Article

December 2016

Obama’s Cybersecurity Recommendations a Small Step Forward, But Need Teeth and Political Willpower

Last week’s report recommended training 100,000 new cybersecurity professionals and increasing federal R&D funding for cybersecurity by $4 billion over the next decade

“It’s not a very political issue,” said Jamison Utter, VP at Portland, Ore.-based Senrio, an IoT cybersecurity firm. “I believe that the issue is pretty strong and apparent, and doesn’t have much to do with party or politics. This is a societal problem, not a Democrat or Republican or whatever issue.”

Full Article

November 2016

DHS and NIST Release Complementary IoT Security Guidance

​New IoT security guidance from government agencies take on different aspects, with DHS tackling the basics and NIST giving a deeper take on securing new devices.

Two U.S. government agencies have released security guidance documents focusing heavily on IoT security following a series of massive distributed denial-of-service attacks that leveraged IoT devices using default security settings. Both the Department of Homeland Security (DHS) and the National Institute of Standards and Technology(NIST) have released recommendations for how to approach security for the internet of things (IoT). Experts said the IoT security guidance from DHS focuses on the basics, while NIST offers more of a how-to for businesses.

[…] ​Jamison Utter, vice president at IoT cybersecurity firm Senrio, said “it’s important at this phase for any governing body to set for things that are high-impact, but very achievable.”

“For example, in the ‘Incorporate Security at the Design Phase’ section is to enable security by default,” Utter told SearchSecurity via email. “This single recommendation of changing default passwords would have a profound impact on simple compromises – and 90% are simple. Mirai, for example, uses default passwords.”

Full Article

Edge Device Security in the World of Internet of Things

Vera Sell, VP of Marketing at Senrio, discusses edge device vulnerabilities, the Internet of Things and best practices to secure them. The video covers:

  • How the lack of a UI introduces new challenges in cybersecurity.
  • Top three tips for firmware security.
  • The shortcomings of most security monitoring systems.
  • Why deep packet inspection can fall short in IoT.
  • The problems with using micro segmentation as a security mechanism.

​This video was published in IoT-Inc. See detailed show notes and additional useful information here.

October 2016

Risky Business #433 – Mirai Ain’t Going Anywhere

Long refresh cycles on IoT mean we have a real problem…

​On this week’s show we’re taking a look at the Great DDoSSening of 2016! Yep, we’ll be having a look at the attacks against Dyn, but perhaps more importantly we’ll be asking the question: With a zillion perma-owned things out there able to launch some pretty serious DDoS attacks: What now?

IoT device security specialist Stephen Ridley will join us in this week’s feature slot to discuss that.

Listen here.

The Security Ledger: Shoddy Supply Chain Lurks Behind Mirai Botnet

In-brief: A common, China-based supplier of management software is the common thread that ties together the myriad digital video recorders, IP-based cameras and other devices that make up the Mirai botnet, according to analysis by the firm Flashpoint.

The problems with the XiongMai devices underscores a general lack of security in the supply chain for devices that are currently being sold globally, said Jamison Utter of the firm Senrio. “Manufacturers really have no guidance on what is good or bad or what they should be doing. It might seem obvious to us that you don’t build devices with unchangeable default administrator account names and passwords, but from their standpoint, there’s no checklist or guidance on what industry best practices are.”

Full Article 

Senrio Discussed IoT Security at Smart Technology Show

Device makers and vendors gather to discuss the future of IoT. 

IOT SET TO CHANGE SECURITY PRIORITIES
As technology becomes more entwined with the world will security failures have a graver impact?

The security industry has not done a great job at protecting our computers and servers. And now we are connecting billions of devices with no or minimal security. IoT poses a real threat to physical safety, cybersecurity, financial and privacy risk. The risk is systemic and at a much bigger scale than we have seen in traditional IT. IoT security requires a scalable and procedural approach - to replace the fragmented and ad hoc practices we currently have in place. ​

September 2016

CSO: DDoS Takedown Powered by IoT Devices

DDoS attacks are nothing new, nor is it new for Krebs on Security to be a target, but the recent attack that forced the site off the network is reported to have been powered entirely by internet of things devices. Former U.S. Defense offensive security researcher and founder of IoT cybersecurity company, Senrio, Stephen A. Ridley said that’s no surprise. “This should serve as a serious wake up call that IoT has a serious security problem,” Ridley said.

Full Article 

SC Magazine: Cisco warns of exploitation of new flaws linked to Shadow Brokers exploits

Cisco issued an advisory for a flaw that the company has linked to exploits released by the Shadow Brokers group a month ago. The vulnerability (CVE-2016-6415), which has not yet been patched by the firewall manufacturer, affects Cisco IOS, Cisco IOS XE and Cisco IOS XR Software, and could be exploited by unauthenticated, remote attackers to execute arbitrary code. The vulnerability affects Internet Key Exchange (IKEv1) packet processing.

​Senrio ‎CTO and founder Stephen Ridley told SCMagazine.com that researchers are more able to discover “the hallmark of a specific attack” following the release of code containing exploits affecting Cisco products. Companies have likely been observing the behavior of their network traffic, he said. He told SCMagazine.com that he suspects new vulnerabilities “could have been discovered” through an examination of network traffic in the wild. The “1-day” tactic used to be primarily an offensive tool, he said, referring to the process of reverse engineering a vulnerability from a manufacture’s patch. ”1-days” are highly valuable, Ridley noted, especially concerning networking equipment and embedded devices due to difficulties applying patches to embedded systems.
Full Article

Risky Business #426: Podcast Featuring Stephen Ridley Chatting About All Things IoT

Risky Business #426 – House Oversight Committee drops OPM breach report PLUS St Jude sues MedSecReleasedSep 08, 2016

In this week’s feature interview we chat with Stephen Ridley about all things IoT. Stephen is a researcher turned entrepreneur and he’ll be along to talk about the platform consolidation we’re going to see when it comes to “things”. Once that settles, he argues, we’ll get a better idea of the security risks we should really, actually be worried about. In this week’s sponsor interview we’re chatting with Simon Galbally at Senetas. Listen now.

August 2016

Industry pros react to Cisco, Fortinet advisories after possible Snowden NSA leak

Code leaked on Github by the Shadow Brokers group this past weekend has unnerved security researchers, as some evidence emerges possibly linking the exploits to the National Security Agency (NSA). […] One security professional told SCMagazine.com that the speed at which the discussion involving attribution of the exploits and the leaked code is “astonishing”. The security industry “agreed that attribution is difficult, and then at one point, we forgot,” Senrio CEO Stephen Ridley told SCMagazine.com. He said the latest evidence is “definitely pretty strong attribution evidence,” but noted that the chronology is not “bullet-proof.”
Full Article

Protecting Our Data Blind spots: Senrio Brings Needed Visibility to IoT Vulnerabilities

Not long ago, we sat down with Portland startup founder Stephen Ridley, the founder of Senrio. Senrio is an entirely new approach to data security, a Software as a Service product that easily scales to protect all kinds of companies, from small businesses to major medical, critical infrastructure, and financial institutions.

For this edition of the Making Oregon podcast we bring you one interview divided into two episodes.

In the first half, we ask Stephen to tell us about his path from teenage hacker to working for the Department of Defense, Wall Street banks and social media companies. He’ll tell us how his love of research eventually lead him to become an entrepreneur—two pursuits that require very different skill sets. He’ll describe Senrio, how it works, and what makes it different from other security applications. We’ll learn how it addresses the vulnerabilities found in embedded systems. And yes, we’ll explain how ubiquitous embedded systems are—and here’s a hint—they exist in your cell phone.

In our second episode, we back track for a couple minutes and make sure everyone is on the same page with understanding how Senrio works. Then we dive into a discussion about best practices for protecting data, especially if you are a small business. Stephen will also talk about the vulnerabilities he and his developers find in consumer electronics and how Senrio can play a role in providing solutions. Plus, we’ll get his take on data privacy, metadata and what social media giants like Facebook are doing with the information users supply, whether they know it or not. Finally, we’ll ask whether data privacy really exists in today’s world and how Stephen balances his awareness of security issues with his own personal practices in daily life.

Listen here

July 2016

The Register: 414,949 D-Link cameras, IoT devices can be hijacked over the net

Shodan has turned up half a million D-Link devices exposed to the internet, and subject to easy hijacking using zero-day vulnerabilities. The stack overflow vulnerabilities affect more than 120 D-Link products, from Wi-Fi cameras to routers and modems, and allow remote attackers to completely hijack the administer account of the devices to install backdoors and intercept traffic.

Full Article

ZDNet: Security flaw in D-Link Wi-Fi products exposes 400,000 devices

It takes only a single line of code to hijack over 400,000 vulnerable D-Link devices. The stack overflow issue gives attackers the opportunity to overwrite administrator passwords in home Wi-Fi cameras, placing users at risk of being spied upon. The remote execution flaw not only allows an attacker to set their own custom password to access devices but also add new users with admin access to the interface, download malicious firmware or reconfigure products how they please. 

Full Article

D-Link Webcams Vulnerable to Hacking

Senrio, a private security firm, announced that it had discovered a remote code execution vulnerability in D-Link’s latest firmware version that could affect five cameras in the D-Link product line, including the DCS-930L Network Cloud Camera.

Read more at PC Mag

D-Link Wi-Fi Camera Flaw Extends To 120 Products

Researchers at Senrio, who found the original vulnerability, disclosed today additional details of product vulnerabilities related to the component after collaborating with D-Link. Senrio said the flaw also puts D-Link Connected Home products at risk, including other cameras, routers, models and storage devices.

​Read more at Threat Post

June 2016

Senrio’s IoT cybersecurity platform comes out of stealth with first round of funding

Portland-based Internet of Things cybersecurity provider Senrio has officially emerged from stealth to launch a platform which provides defence in healthcare, critical infrastructure, and retail environments.

​Read more at IoT Tech News

Startup Senrio Sniffs Out Stealth IoT Devices on your Network

A new start-up, Senrio, unveiled its sensor this week: a new security monitoring tool that can identify and monitor embedded devices connected to your network and spot anomalous or malicious behavior.

Read the full article at The Security Ledger

Serious Flaw Found in Popular D-Link Wi-Fi Camera

An unpatched vulnerability in a popular Wi-Fi camera from D-Link allows hackers to reset the device’s password and gain remote access to its video feed.

Read more at Security Week

Senrio Emerges from Stealth Mode with Internet of Things Cybersecurity Platform

Today, Senrio, an Internet of Things (IoT) cybersecurity solution, emerges from stealth mode with the launch of an IoT network cybersecurity platform that provides visibility and defense for networked embedded devices (NEDs) used in healthcare, critical infrastructure, retail and corporate environments.

“The market needs a comprehensive answer to the IoT dilemma: A dramatic increase of deployed devices, high susceptibility to attacks due to inherent vulnerabilities and high value of the accessible assets. Today, there are few solutions to this challenge. However, Senrio offers a much-needed new approach,” said Christina Richmond, Program Director, Security Services, IDC.

Read More

D-Link camera can be hijacked to become a spy-cam

This vulnerability can be exploited with a single command which contains custom assembly code and a string crafted to exercise the overflow.

Read more at Network World

Senrio exits stealth to defend the Internet of Things from hackers

Senrio’s algorithms scan the devices on a company’s network for software vulnerabilities and configuration problems that might be exploited by hackers. Meanwhile, a passive monitoring component records the behavior patterns of each device to understand what constitutes normal usage.

​Read more at Silicon Angle

Senrio Emerges from Stealth Mode with Internet of Things Cybersecurity Platform

Today, Senrio, an Internet of Things (IoT) cybersecurity solution, emerges from stealth mode with the launch of an IoT network cybersecurity platform that provides visibility and defense for networked embedded devices (NEDs) used in healthcare, critical infrastructure, retail and corporate environments.

​Read more at Business Wire

Unpatched D-Link Wi-Fi Camera Flaw Remotely Exploitable

The vulnerability is a stack overflow in software running on the camera, specifically a service that processes remote commands, Senrio said in its report.
“The vulnerability allows code injection and causes a password reset, granting the attacker remote access to the camera feed,” Senrio said. “Thus, even if users create a strong password, this type of vulnerability can override them.”

Read more at Threatpost

May 2016

Senrio Finds Hidden “Features” in Remote Power Management (RPM) Device

One hidden feature in the device’s firmware lets anyone remotely reset the NetBooter device to its factory default configuration – an action that would sever it from the network. Another allows anyone to modify network and system settings. A third, hidden function could be used to extract data (like a recently entered password) stored in the device’s memory, according to Stephen Ridley, a principal at Senrio.  

Read the full article…