
X-Force Red in Action: Spotlight on Hardware Testing with Ivan Reedman

Jul 5, 2018
19 minutes




Listen to this podcast now on iTunes, Soundcloud or wherever you find your favorite content.

In the latest episode of the X-Force Red in Action podcast, we dive into the world of hardware testing with Ivan Reedman, global hardware security and capability development lead at IBM X-Force Red.

The Toymaker Tackles Hardware Flaws

Reedman is known as “The Toymaker” among his teammates, and his passion is creating hardware-based tools to compromise physical devices. Why hardware? While traditional penetration testing can reveal fixable software or configuration flaws, physical hardware can’t be patched. Threat actors who get their hands on these devices could bypass security certificates, steal data and leverage other IoT devices for a back-end attack.

The big problem with hardware, according to Reedman, is implied trust. Users naturally trust devices to secure data — but both commercial and industrial devices struggle to do just that.

Reedman’s rule of thumb is that security is less costly when built into hardware design from the start. After all, finding the resources for better hardware protection is cheaper than recalling and redesigning millions of products.


Fulfilling the X-Force Red Mission, One Appliance at a Time

For Reedman, the current security landscape suggested a solution: design physical products that help mitigate hardware design flaws. Such flaws include common problems like developers forgetting to remove code, or merely disabling debugging interfaces that are still accessible at the beginning of the boot cycle. And once his patent is officially filed, we’ll be able to hear much more about the solution Reedman has identified.

Not surprisingly, the Toymaker’s passion for tinkering and design also carries over to his everyday life. He recently discovered that his smart washing machine could be compromised when he figured out how to quickly turn the hot water solenoid on and off — so quickly, in fact, that the natural gas used to heat the water didn’t have time to ignite after being released by his furnace.

After several cycles, he left the solenoid just a little longer, which prompted a discussion with his wife about why he was trying to blow up the house.

Humor aside, this story underpins the critical mission of both X-Force Red and Ivan Reedman: to test, identify and eliminate potential vulnerabilities — no matter where they occur.

Stay Ahead of the Threat

Need a refresher on what this series is all about? Check out the first episode of the series to hear Thomas MacKenzie, associate partner at IBM X-Force Red, talk about Internet of Things (IoT) security.

Read the IBM X-Force Research Report: Weaponizing the Internet of Things

Never miss a new episode of X-Force Red in Action! Subscribe to the SecurityIntelligence Podcast on iTunes or your favorite podcast platform.

Anshul Garg
Product Marketing Manager, Cloud Pak for Security, IBM

Anshul Garg is a passionate marketer looking to help organizations stay ahead of threat actors. He has 12+ years of experience across Product Marketing and P...