Deral Heiland – Noise

Beyond the Device: Exploring the New Security Risks of Interconnected IoT at CES 2026

Deral Heiland — Fri, 09 Jan 2026 15:11:35 +0000

Attending CES over the last several years has provided me with a valuable opportunity to observe how rapidly IoT technology continues to evolve across consumer and enterprise domains. This was my fourth year attending CES and I have seen a continued gr...

New Research: Multifunction Printer (MFP) Security Concerns within the Enterprise Business Environment

Deral Heiland — Thu, 11 Dec 2025 10:57:28 +0000

Multifunction printers (MFPs) do far more than print. They scan, email, fax, store, and authenticate. That convenience comes with risk. Our latest report, Understanding Multifunction Printer (MFP) Security within the Enterprise Business Environment, fr...

Xerox Versalink C7025 Multifunction Printer: Pass-Back Attack Vulnerabilities (FIXED)

Deral Heiland — Fri, 14 Feb 2025 14:00:00 +0000

During security testing, Rapid7 discovered that Xerox Versalink C7025 Multifunction printers (MFPs) were vulnerable to pass-back attacks.

Out With the Old, In With the New: Securely Disposing of Smart Devices

Deral Heiland — Mon, 06 Jan 2025 14:00:00 +0000

Hopefully you received some cool smart technology, or maybe you just upgraded your smart camera or voice assistant to a newer model or version. If you upgraded to a new model or version, what is your plan for the old device? Is it still working or is it broken?

New Research: The Proliferation of Cellular in IoT

Deral Heiland — Tue, 30 Jul 2024 13:00:00 +0000

Analysis of Cellular Based Internet of Things (IoT) Technology is a new whitepaper co-authored by Rapid7 principal security researcher Deral Heiland and Thermo Fisher Scientific lead product security researcher Carlota Bindner.

Privacy, Security, and Connected Devices: Key Takeaways From CES 2024

Deral Heiland — Thu, 18 Jan 2024 18:00:00 +0000

The topic of data privacy has become so relevant in our age of smart technology. With everything becoming connected, including our homes, workplaces, cities, and even our cars, those who develop this technology are obligated to identify consumers' expectations for privacy and then find the best ways to meet those

Genie Aladdin Connect Retrofit Garage Door Opener: Multiple Vulnerabilities

Deral Heiland — Wed, 03 Jan 2024 18:58:10 +0000

Rapid7, Inc. (Rapid7) discovered vulnerabilities in Aladdin Connect retrofit kit garage door opener and Android mobile application produced by Genie.

Is That Smart Home Technology Secure? Here’s How You Can Find Out.

Deral Heiland — Mon, 30 Oct 2023 14:00:00 +0000

I can’t tell you which solution will work for your specific case, but I can give you some pointers around technology security.

Poorly Purged Medical Devices Present Security Concerns After Sale on Secondary Market

Deral Heiland — Wed, 02 Aug 2023 18:30:00 +0000

In Security Implications from Improper De-acquisition of Medical Infusion Pumps Rapid7 performs a physical and technical teardown of more than a dozen medical infusion pumps.

Understanding the Ecosystem of Smart Cities for the Purpose of Security Testing

Deral Heiland — Thu, 29 Dec 2022 14:00:00 +0000

A look at the various components that make up Smart Cities with the goal of having a model to help better understand the various security concerns as we plan for our Smart City future.

Hands-On IoT Hacking: Rapid7 at DEF CON 30 IoT Village, Pt. 4

Deral Heiland — Tue, 08 Nov 2022 19:07:49 +0000

Welcome back to our blog series on Rapid7's IoT Village exercise from DEF CON 30. In this post, we'll cover how to gain root access over the device's secure shell protocol (SSH).

Hands-On IoT Hacking: Rapid7 at DEF CON 30 IoT Village, Pt. 3

Deral Heiland — Tue, 01 Nov 2022 19:25:32 +0000

Welcome back to our blog series on Rapid7's IoT Village exercise from DEF CON 30. In this post, we'll cover how to modify the data we've extracted.

Hands-On IoT Hacking: Rapid7 at DEF CON 30 IoT Village, Pt. 2

Deral Heiland — Tue, 25 Oct 2022 17:40:01 +0000

Welcome back to our blog series on Rapid7's IoT Village exercise from DEF CON 30. Last week, we covered the basics of the exercise and achieving access to flash memory. In this post, we'll cover how to extract partition data.

Hands-On IoT Hacking: Rapid7 at DEF CON 30 IoT Village, Part 1

Deral Heiland — Tue, 18 Oct 2022 16:00:00 +0000

Rapid7 returned to DEF CON 30 and participated at the IoT Village with another hands-on hardware hacking exercise.

Baxter SIGMA Spectrum Infusion Pumps: Multiple Vulnerabilities (FIXED)

Deral Heiland — Thu, 08 Sep 2022 16:30:00 +0000

Rapid7 discovered vulnerabilities in two TCP/IP-enabled medical devices produced by Baxter Healthcare.

Evaluating the Security of an Enterprise IoT Deployment at Domino’s Pizza

Deral Heiland — Mon, 06 Jun 2022 13:25:42 +0000

Recently, I had a great opportunity to work with Domino's Pizza to evaluate an internally conceived Internet of Things (IoT)-based business solution.

Lessons in IoT Hacking: How to Dead-Bug a BGA Flash Memory Chip

Deral Heiland — Thu, 07 Apr 2022 15:14:03 +0000

In this post, we cover how to dead-bug a flash memory chip to help aid your IoT hacking research.

Is the Internet of Things the Next Ransomware Target?

Deral Heiland — Thu, 20 Jan 2022 14:41:57 +0000

What would it take for IoT to be the target of ransomware? This post takes a closer look.

A Quick Look at CES 2022

Deral Heiland — Thu, 13 Jan 2022 15:15:48 +0000

The first thing I noticed about CES 2022 was COVID’s impact on the event, which was more than just attendance size.

Hands-On IoT Hacking: Rapid7 at DefCon 29 IoT Village, Part 4

Deral Heiland — Thu, 11 Nov 2021 19:00:00 +0000

In this final post, we'll discuss how to gain full root access and successfully complete this exercise in IoT hacking.