Robotic robbers, sabotaged Segway scooters, malicious medical equipment… You name the device, and IOActive has found a way for hackers to turn it against you.
IOActive CEO Jennifer Sunshine Steffens is now in her tenth year at the helm of the security company, known for its pioneering vulnerability research. Over the last decade, the company has expanded its IT security offerings across all of its technical and programmatic advisory services, while presenting its self-funded research at more than 500 conferences around the world.
Just last March, IOActive researchers revealed a proof-of-concept attack that compromises the NAO and Pepper robots from SoftBank Robotics. Using this exploit, attackers can disable features and change settings, monitor video and audio, elevate privileges, and even alter behavior files so that the robots demand a ransom payment in order to function properly.
Several months earlier, the company released a white paper outlining 147 cybersecurity vulnerabilities in 34 mobile applications used in conjunction with industrial control SCADA systems. Exploiting some of these flaws could compromise industrial network infrastructure and cause a SCADA operator to unknowingly perform a destructive action.
“I believe the work we’re doing to uncover vulnerabilities that impact critical infrastructure, which involves human safety, is very important right now,” says Steffens. “The possibility of physical or cyberattacks on the electric grid, water supply, nuclear power plants and even our hospitals are very real and keep me up at night.”
In July 2017, IOActive revealed several vulnerabilities in widely deployed radiation monitoring devices also used on critical infrastructure. That same month, the company announced it found a way to bypass a Segway scooter’s safety features and apply a malicious firmware update, in order to suddenly turn off its motors or remotely control it while someone is riding.
Under Steffens’ watch, IOActive also continues to be especially invested in researching the security of medical devices. Steffens felt compelled to emphasize this area of research after her own father’s pacemaker was subject to a recall three separate times.
“When I look back at the last 12 months, one of the key messages we’re trying to convey at IOActive is to ensure security has a voice at the table throughout the development process. Innovation has the ability to provide longer, healthier, happier lives,” says Steffens. But therein lies the challenge: many software developers still “are not thinking proactively to build code securely, and we know this problem persists because we continue to find the same types of vulnerabilities in our research, over and over again,” she continued.
To help promote diversity within her own industry, Steffens founded and hosts IOActive’s “Women, Wisdom & Wine” networking events in major cities across the globe, in tandem with leading industry events and conferences. Steffens is also an active member of the Executive Women’s Forum, the Information Security Systems Association (ISSA) and the Open Web Application Security Project (OWASP).