🛡 IoT Security Digest - #3

Back from DefCon, Hackers can stop trains, Hashcat gets a major upgrade, and more!

We’re back from DefCon! What a great time it was! Specifically, the Embedded Systems Village was amazing. The CTF was competitive. The demos were cool. Definitely check it out next year if you couldn’t make it.

DefCon ESV

In The News

US CISA has warned about a critical flaw, tracked as CVE-2025-1727, in the radio-based linking protocol between End-of-Train (EoT) and Head-of-Train (HoT) systems.

Great writeup here by Spaceraccoon on getting a UART shell on a LAU-G150-C Optical Network Terminal. Also, if you haven’t, you should definitely check out his new book.

Vulnerabilities in Gigabyte motherboards could allow attackers with local or remote admin permissions to execute arbitrary code in System Management Mode and potentially bypass secure boot.

Tools of the Trade

Hashcat 7.0 Release

The hashcat we all love just did a major version release that packs a ton of new features. Check it out!

Bleak Python Library

This is my go-to Python library when I need to write custom BLE service interaction.

Return Value

Returning from DefCon is always an interesting experience. You leave the company of tons of super smart people with lots of ideas of things to learn and build. Time to LOCK IN.