Tag: Iot

  • Raxis Supports Pensacola ROV Team

    Pensacola Catholic High School’s “Crubotics” team won MATE’s North Gulf Coast regional remotely operated vehicle (ROV) competition and is headed for the world championship in California. Raxis proudly celebrates this wonderful accomplishment by helping sponsor the journey.

    Next week, 14 students and two teachers from Pensacola Catholic High School will travel to Long Beach, California to match their remotely operated vehicle (ROV) – designed to probe the ocean below the arctic ice – against other regional winners from around the world.

    The competition is conducted by MATE (Marine Advanced Technology Education), whose mission is to use the development of the ROV to teach students STEM skills and to help them develop an entrepreneurial mindset, so that they build the technology with an eye toward forming companies and creating jobs around it.

    Crubotics – a portmanteau of robotics and the CHS Crusader mascot – has competed in the Northern Gulf Coast regional competition for the past five years, with the exception of a break for COVID. In April, the team bested the field and earned the right to travel to California for the world challenge.

    “Of course, I was proud of the victory, but I was even more impressed by how they handled adversity. When things started to go wrong, they pulled together as a team, quickly and calmly developing a solution. It was incredible to watch.”

    CHS Science Teacher Dana Lupton, team mentor

    The Crubotics ROV ready for competition.

    In California, the team won’t be testing the ROV in actual arctic conditions, but the challenges are formidable even in the controlled conditions of a swimming pool. For example, the ROV must enter the water through a hole in the ice, navigate to the ocean floor, and monitor and report back conditions in real time. As an added layer of difficulty, the ROV’s software must incorporate artificial intelligence (AI) that can identify schools of fish and estimate their numbers, locate and retrieve any dead fish, and stitch together a composite picture of the surroundings.

    “This is a very complex blend of hardware and software that would challenge adults trained in these disciplines,” Lupton said. “To see a group of young people step in and take on the roles that emerged based on needs is a real inspiration.”

    The trip to California is being underwritten in part by a sponsorship from Raxis, an Atlanta-based penetration testing firm with strong ties to Pensacola and the CyberCoast.

    “It was intense curiosity about how things work that led me to a career in pentesting and ultimately to create a company of like-minded professionals. I’m absolutely thrilled to see high-school students taking on challenges like this because the payoff for them – and for our planet – will be immeasurable.”

    Mark Puckett, CEO, Raxis
  • Meet the Team: Adam Fernandez, Lead Developer

    Hi, everyone! I’m Adam Fernandez, and it’s my turn to introduce myself as part of the Raxis Meet the Team series. So, I spoke to our marketing specialist, and we talked about how I came to be a security professional. (As it turns out, I started down that path early in life.) I certainly enjoy working with this team and, if you think you might also, read on and then check out our careers page or subscribe to our YouTube channel.

    Jim: Adam, you’ve done a lot of penetration tests, but your title is Lead Developer. What’s going on there?

    Adam: I started out at Raxis as a penetration tester when I joined the company in 2017, but I also enjoy developing software, testing devices, and taking apart and building new ones. One of the great things about working for Raxis is that our leaders understand how those skills complement each other, and I have a lot of flexibility to work on new and advanced projects in addition to helping with pentesting engagements.

    Jim: As I understand it, you came to Raxis from an entirely different career field, right?

    Adam: That’s right. I actually studied stage management and lighting design at Kennesaw State University. In fact, theater was the focus of much of my time at Woodstock High School in Woodstock, GA as well as in college.

    I started out as a stagehand, moving a ladder on and off stage. But I really wanted to work with sound and lighting, so I started learning as much as I could about that through YouTube videos, the Internet, and books my mom bought for me. I also sought out internships in Seattle, where I lived in the summers, and worked on the production of Sweeney Todd at SecondStory Repertory Theater.

    Jim: Did that help spur your interest in development?

    Adam: In a way. As I transitioned into stage management, I knew that the sound and lighting people needed a better system for taking their cues, and my high school couldn’t afford an expensive solution. I really believed that was something I could figure out. So, I built a device to let them know what they were supposed to be doing when. Then I sold it to the school for $350.

    The device Adam created as a senior in high school.

    Jim: That’s pretty amazing for a student, but you didn’t stop there, right?

    Adam: No, I also wanted the theater department to have its own website to manage membership dues and ticket sales, so I created the whole thing from scratch. It was the ugliest site ever, but the school paid me $500 per year to manage it.

    Jim: Sounds like you were a bit of an entrepreneur as well.

    Adam: Well, I did create my first company at KSU. I developed software that would automate the audition process with searchable applications and headshots. The school paid me to manage events, but there was a rule that prevented them from paying students directly, so I had to create a company to make it all legit.

    Jim: So, how did you move from doing events at KSU to penetration testing?

    Adam: Well, I was also a student assistant at KSU for the Facilities Manager, Brad Herring, who ended up leaving KSU to go to work with Raxis and is now VP of Business Development. After he’d been here a while, he told me, “I think you’d be really good at pentesting, and I want you to talk to our CEO.” Brad’s always been a mentor to me and one of my best friends, so I took his advice and had lunch with him and (Raxis CEO) Mark Puckett. Before I knew it, I was working in a fascinating new field that I loved.

    Jim: What is it about cybersecurity that’s interesting to you? How did you make that leap?

    Adam: Looking back on it, security really wasn’t a leap at all. I remember as a small child, having an intense interest in padlocks and how they worked. I asked for a safe for Christmas one year. Then, it was spy gadgets, alarms, and games. My stepdad was a software developer, and, at a very young age, he helped me make a program that required you to enter a certain color sequence to unlock the app.

    Now, I’m intrigued by using software to control things in the real world, which is why I love the IoT and figuring out how various devices work. In fact, I have an electronic access keycard system at my house. It’s antiquated, but I bought it in part so that I could reverse engineer it and learn how it works.

    Adam’s favorite device is his Tesla

    Jim: Do you get to work with devices at Raxis?

    Adam: Yes, we have our Transporter that we use to do remote pentesting, and we recently bought the Boscloner company. That’s a very advanced badge-cloning device. Of course, with more and more devices online, IoT security is becoming a lot more important every day.

    Jim: What’s your favorite part about working with Raxis?

    Adam: I love having the ability to introduce new ideas and not only have them heard but also make them a reality. And Raxis just feels like family. Theatre was like that too, but this feels way more genuine.

  • Three Questions to Ask Before Connecting a Device to the Internet

    “In theory, even our refrigerators could turn against us and order low-fat ice cream instead of our Ben & Jerry’s.”

    Raxis Lead Penetration Tester, Scottie Cole

    I’m a gadget guy with a lot of IT experience, which of course makes me the pro bono tech troubleshooter for every friend and relative within 100 miles. It also means I’m the guy they call when they want to connect their latest gizmo to the Internet.

    I don’t usually mind helping, but I often find myself wondering if people are putting enough thought behind this race to connect to the Internet of Things (IoT). 

    Ha! Just kidding. I know for a fact that most aren’t putting any thought behind it.

    The allure of convenience, the snob appeal of being an early adopter, and the FOMO factor make it incredibly easy to sell these devices. But there’s no incentive to also talk about security issues – and that’s a big problem. 

    So, as a public service, I’m taking off my gadget-geek gear and putting on my professional hacker hoodie. Before you connect any device to the Internet, ask yourself these questions (and answer them honestly):

    Will I really use it as much as I think? This is about more than simply being frugal. The less you use a device or an associated app, the more likely you are to miss important updates and leave security patches uninstalled. You might not be paying attention, but hackers surely are. Which brings up a second question . . . 

    Can I secure it? Why don’t we pose that question to Alexa? Oh, wait. Can we trust her? Really, we only have a pinky swear from the company that she’s not spying on us. And that’s a potential problem with many devices. Even as a security professional, I can only control the security on my end. If it’s a centrally administered service, I have to also trust the company to protect access to the device as well. That’s why it pays to really read what they have to say about security. And that raises a third, even more important question . . . 

    What am I putting at risk if it’s hacked? One of the great IoT ironies is that some of the products sold under the guise of making us more secure are often the most vulnerable to attack. That means security cameras can turn into spy cameras. The ability to lock our doors remotely means they can be unlocked the same way. In theory, even our refrigerators could turn against us and order low-fat ice cream instead of our Ben & Jerry’s.

    A more urgent concern is that any device connected to your network can become a pathway for unauthorized access. If you think that’s unlikely, watch my colleague Scott Sailors hack a wireless mouse. From a practical perspective, that means you should segment your network so that, if your toaster is hacked, you’re not putting all your bank and credit card data at risk as well. 

    The reality is that connected devices are improving our lives dramatically and we haven’t even scratched the surface of their real capabilities. It’s exciting to realize that more and more devices are becoming smarter and more capable. In order to fully enjoy the advantages of being connected, we simply need to be realistic about our abilities, mindful of the risks we take, and diligent about mitigating them effectively.

    Companies hire the team here at Raxis to identify vulnerabilities and correct them before hackers can take advantage. As individuals, it’s up to us to do it ourselves.

    Of course, you can also call on a friend or relative to help. (Not me, though. I’m all booked up through the end of the year.)

  • So, I Hacked a Tesla . . .

    Tesla deserves great credit for bringing electric vehicles into the mainstream. Say what you will about Elon Musk, his vision is proving wildly successful in a space where many others have failed.

    Even so, if the two of us could have a conversation, I’d probably recommend that the company invest more time and resources in cybersecurity for its vehicles. 

    Here’s why:

    Recently I decided to see how easy it would be for my personal Tesla to be hacked — and stolen. As you will see in the video below, with some commonly used tactics, it was relatively quick and easy. 

    The attack demonstrated in the video relies on phishing to get the victim’s credentials. At that point, the hacker has complete control and can do pretty much whatever they wish — including unlocking the car and driving away. 

    The video demonstrates why, if you’re not careful, your Tesla could be compromised and stolen without a lot of effort from the attacker. 

    Until the company itself adds more protection, it’s up to you to take some basic precautions. By the way, it’s wise to follow these practices no matter if it’s your Tesla, your bank account, your Twitter feed, or any online account.

    • Stay vigilant and question any WiFi network that asks you to connect.
    • Never give account information, credentials, or access tokens to a third party unless it is absolutely necessary.
    • Every account you create should have a unique and strong password. Every. Single. Account.
    • If your account is compromised, immediately reset your password and let the company or companies know.

    Here at Raxis, we offer a broad range of services to help find security vulnerabilities within your organization. And though a typical penetration test would not uncover this type of vulnerability, a Raxis red team assessment could. 

    Our red team assessments test your organization’s security from top to bottom and end to end to uncover any way your network can be compromised by a skilled and determined attacker. If you are ready to take control of your company’s security, contact us and let us see how we can help.

  • Securing the Internet of Things

    The term “Internet of Things” is almost redundant now. If it’s a “thing” that has more than one setting, odds are it is or can be online. Whether or not you need remote access to your toaster oven is a question for another day, but it is an option.

    Here’s the problem: As the Raxis team proves on a near-daily basis, anything that’s connected can be hacked. It’s not that someone’s going to overcook your morning bagel as a prank (although that would be a good one). Instead, it’s that uncontrolled access to any device can give a bad guy a way into your network (and maybe all your devices) if you’re not careful.

    The good news is that there are some simple safeguards you can take to protect your smart devices, and our new Securing the Internet of Things series will take you through them.

    Scottie Cole, senior penetration tester, is kicking things off with the quick video above about securing your home thermostat or corporate HVAC system. I encourage you to watch and to follow Scottie’s advice. Better to take a few minutes now than take a big loss later.

    PS – We’ll do a video on protecting your smart toaster . . . as soon as we find someone who owns one.