Wednesday, June 1, 2016

DHS Funding for IoT Security!

We’re proud to announce that we’ve been awarded funding through Department of Homeland Security Silicon Valley Innovation Program.  The security of IoT is a concern for organizations in many different industries; we’re excited and happy to do our part to help solve this problem at scale.  Over the last five years, we’ve looked at a variety of IoT and embedded devices.  The fragmentation of processor architectures, hardware components, and real-time operating systems introduces some real challenges to making security impact at scale for IoT.  One common denominator amongst many of the IoT devices we’ve seen is the usage of wireless protocols (specifically 802.11), so we’re focusing on the technology that will allow us to impact the widest range of devices.  We’re excited at the chance to show off our prototypes and research over the next few months,  but first we wanted to mention the Silicon Valley Innovation Program itself.

The Silicon Valley Innovation Program, conceived and operated by the DHS Science and Technology Directorate, is pretty special.  Working with the federal government can be daunting, especially for startups.  The Silicon Valley Innovation Program is trying to change that.  They’re specifically interested in engaging start-ups, incubators, and those organizations who typically don’t work with government.  If you are an IoT startup or cyber security startup with some IoT skills, you should definitely take a look at the program!  You can find a link to the IoT security challenge here and you can learn more about the Silicon Valley Innovation program here.

Thursday, October 22, 2015

Worldwide Building Automation System Enumeration - October 2015

Here at WhiteScope, we periodically scour the Internet in search of exposed buildings.  We make use of a variety of data sources (including Shodan and for our initial enumeration.  We're excited to see how the newly launched Censys is going to change the Internet enumeration game! While these enumeration services are invaluable in the detection in devices on the Internet, these services only provide so much data specific to building automation devices.  To supplement the great work done by these enumeration services, we've developed a custom set of enumeration tools which utilizes Shodan and data and provides us additional information related to buildings on the Internet.  For example, instead of knowing there is a building at IP address, we now know that there is a bank branch or a hospital at  In partnership with QED Secure Solutions, we're making some of the data we've captured available in this report.  We plan on releasing a similar report twice a year, once in April and again in October.  We hope you find it informative and useful.

You can download the document here: