I received my first cease and desist for responsibly disclosing a critical vulnerability that gives a remote unauthenticated attacker full access to modify a traffic controller and change stoplights. Does this make me a Security Researcher now?
Lemon
316 posts
Lemon
@Lemonitup
Principal Security Engineer @ Red Threat linkedin.com/in/lemonitup/
- Replying to @plaverty9Probably not, I don't like when people threaten me, I feel like I tried to do the right thing by reaching out. I'm just waiting on MITRE to assign me a CVE.
- Replying to @plaverty9The state left their DOT sticker on the side and the config included the intersection the controller used to reside at, but I'm afraid it would just lead to more backlash.
- Replying to @plaverty9That's the hope for now. Last thing I want to do is drop a POC for the world to be able to modify traffic patterns.
- Replying to @damdandusmusI can trigger flashing all reds very easy or all reds solid, but even modifying the drivers won’t give me all greens because the CMU is really good at its job.
- Replying to @vxundergroundLooks more like a technical issue than a “hack”. If someone went through all the effort to compromise the digital sign they would Rick roll the strip not pull up the wifi menu.
- Replying to @notselwyn… the poc is so lame, it was the first thing I tried and requires zero code.
- Replying to @mubixI’ve been seeing this tool on a lot of incidents recently: github.com/OmriBaso/BesoT… Or If it’s an rdp session you can use this trick. ired.team/offensive-secu… after that use rsat and add a new DA
- If you thought the response from the vendor was lame, wait until you see how easy the “exploit” is.
- In preparation for Defcon next week I decided to do some car hacking. Turns out my car natively plays mp3s from a usb floppy drive. #DEFCON #carhacking
00:00 - Anyone else working IRs on the Barracuda 0-day encountered all the domain admins having reversible encryption enabled?
- Replying to @cybersecmegOpen AWS cost explorer, Contact legal, Activate incident response retainer, update resume.
- My research on Traffic Control Systems is live!NEW: A researcher found traffic light controllers on the internet with no authentication at all, potentially allowing hackers to create traffic jams. Researcher says that company who make the devices threatened legal action instead of working to fix. techcrunch.com/2024/07/18/hac…
