We have been selected by the CIO Applications Europe magazine to be part of their top 10 IoT companies in Europe. We share the spotlight with companies like: DeltaM2M, Green Tropism, Overkiz and Net4Things.

Additionally we have been awarded the cover story!

Read more

We finally have the confirmed dates for our 2020 IoT and IIoT Security Trainings! 

Read more

We are very glad to announce that we will be part of one of the biggest IT Security events of the world: Black Hat!

This prestigious event (European edition) will take place at the Excel London from December 2nd till December 5th,, 2019; and it is a great opportunity for all security professionals, both offensive and defensive hackers to keep their skills sharp in order to defend tomorrow’s InfoSec landscape, and to grow their network with colleagues from all over the world.

This year, our very own Pablo Endres will be co-teaching the Assessing and exploiting control systems & IIoT Training along with the world-renowned trainer Justin Searle. It is a four day training, that will cover the basic control system concepts, systems, and devices; hands-on exercises performed on a mixture of real world and simulated devices to provide participants the most realistic experience as possible; architecture reviews of major ICS and smart grid systems; introduction to Control Things Platform and NESCOR methodology for penetration testing; assessing and exploiting ICS Communication Protocols, ICS RF Communications, ICS Embedded Electronics and more.

We will be adding this training to our portfolio coming 2020. Please contact us if you are interested in a private class or follow us on social media to find out when and where the public classes will take place.

If you have any questions or just want to reach to us, please do not hesitate to contact us and we will provide any additional information you need.
We are looking forward to seeing you there!

We are very glad to announce that SevenShift will be present at the second Cybersecurity Leadership Summit in Berlin. This remarkable event will take place at the Humboldt Carré on November 12th – 14th, 2019.

Our managing director Pablo Endres, will be part of the discussion panel: Industrial Internet of Things (IIoT) – A Cybersecurity Perspective.

If you are a security professional and are interested in IoT, Data Security and Social Engineering threats, Artificial Intelligence in Cybersecurity, and other related topics, then this is the place to be. Come join us and be part of this unique opportunity to network with colleagues concerned with the same issues as you, and meet experts who will help you keep up to date so you can face the challenges cybersecurity poses.

If you have any questions or just want to reach to us, please do not hesitate to contact us and we will provide any additional information you need.
We are looking forward to seeing you there!

Follow us on Twitter, LinkedIn or Xing to get updates.

We are very glad to announce that our Trainings are now available at Springest and many company internal training portals, that are powered by it. For example, Uniper, Eneco, Abbott, Fibrant and many more!
So if your company uses Springest, please take advantage of the opportunity of booking your training there!

Springest is a great website where you find all kind of training programs and courses, for individuals and organizations. It is a pleasure to be now listed at this amazing platform and its broad partner ecosystem.

In November, we will be holding an IoT Security Bootcamp and an IoT Security Manager Training in Cologne. As usual, they will cover all aspects of IoT Security, from the technologies and testing methodologies to the vulnerabilities.
You will receive you own IoT Security Hacking Kit to keep training at home or at the office.
Keep your skills up to date and sharp, and grow your network at our Trainings. If you need help selecting a training or just want to reach to us, please do not hesitate to contact us and we will provide any additional information you need.

We are looking forward to seeing you in Cologne!

We are very glad to announce that we are now partners with ISH – Information Security Hub at the Munich Airport. This is a world-class cyber security competence center, with a focus on highly critical infrastructure, a long-standing experience and a broad partner ecosystem. Keep your skills up to date and sharp, and grow your network at this fascinating, modern and versatile training facility.

This year SevenShift will be holding two IoT Security Bootcamps at this great facility in Munich: The first one will take place on September 10th – 12th , and the second one will be on November 5th-7th, 2019. We will be teaching our 3-day hands-on IoT hacking class, but in a different location. As usual, the training will cover all aspects of IoT Security, from the technologies and testing methodologies to the vulnerabilities. The main focus will be offensive security: attacking and testing devices and platforms.

If you need help selecting a training or just want to reach to us, please do not hesitate to contact us and we will provide any additional information you need.

We are looking forward to seeing you there!

Follow us on Twitter, LinkedIn or Xing to get updates.

Update: The date dates have been updated.

We are proud to announce that after lots of work we are adding a new capability to our IoT Testing portafolio: 2G. With our new cellular network we have full visibility of Voice, SMS and Data transmitted using this technology.

IoT 2G Attack surface

Until now, our clients had to trust the device manufacturers on what what was being transmitted over the 2G interface or perform a full source code analysis. By using our own cellular network in an EMF shielded room or tent, SevenShift now has control of the 2G network, allowing us to see and attack all communications.

SevenShift 2G Network equipment

 

 

Why 2G, in a world where many other faster protocols are available?

Costs are an important factor in IoT, especially consumer IoT, where the manufacturers try to keep the unit cost as low as possible. This allows them to reduce the price on the devices and of course increase their margin.
The initial cost of the modem / communication modules have a great weight in this area, for example we found this pricing overview here, which illustrates the point:

 

SigFox (TD1207R) LoRaWAN (RN2483)
2G
(u-blox SARA G350)
3G
(u-blox SARA U270)
WiFi
(Cypress BCM43362)
11,00 €
12,43 €
11,56 €
29,18 €
10,48 €

 

As you can see, using a 3G modem more than doubles the price of a 2G modem.
The table above is by no means up to date and will vary depending on the manufacturer and unit count, but it gives us a good idea.

What can we do with the new 2G capabilities?

We are now in the position to perform all the tests we are used to perform for other IP based technologies:

  • Create an accurate communication matrix of the device: with whom, why and how it communicates with.
  • Perform Man in the Middle (MiTM) attacks
  • Verify correct use of encryption, including correct usage and validation of SSL / TLS certificates
  • Attack the device via the 2G interface
  • Emulate any GSM network and observe the behavior
  • And much more…

If you want to book 2G tests for your devices, contact us now.