โŒ

Reading view

There are new articles available, click to refresh the page.

New Whitepaper: Exploiting Cellular-based IoT Devices

Rapid7 has released a whitepaper titled “The Weaponization of Cellular Based IoT Technology,” by Deral Heiland, principal security researcher, IoT, at Rapid7, and Carlota Bindner, lead product security researcher at Thermo Fisher Scientific. The paper examines how attackers with physical access can exploit cellular modules in Internet of Things (IoT) devices to move into cloud and backend environments, exfiltrate data, and conceal command channels within expected device traffic. Heiland presented their findings at the RSAC 2026 conference in San Francisco.

The research focuses on how these attacks work in practice. It details how interchip communications such as USB and universal asynchronous receiver-transmitter (UART) can be observed and manipulated. It also shows how hardware modifications can replace a device host, allowing an external system to assume control of the cellular module. The authors developed proof-of-concept tools, including a TCP port scanner using AT commands, an S3 bucket enumerator, a SOCKS5 proxy that routes traffic through the cellular module, and a Metasploit proxy module. These examples demonstrate how attackers can take advantage of trusted relationships between devices and connected services.

The findings highlight consistent risks across tested devices. Cellular modules often expose multiple interfaces, and unused UART or USB paths can provide direct access. With targeted printed circuit board modifications, an attacker can reroute traffic through the cellular interface. Many modules accept AT commands that support raw sockets, HTTP requests, and TCP tunnels, which can enable reconnaissance and lateral movement. All cellular devices the researchers examined lacked tamper protections and most did not encrypt sensitive data before transmission, increasing exposure in environments that use private access point names (APNs).

Organizations should treat cellular-enabled devices as privileged entry points into their networks as well as their critical data storage and management environments. This includes disabling or removing unused interchip interfaces, enforcing end-to-end encryption before data is transmitted through the cellular modules, and applying monitoring and outbound controls within APN architectures. Hardware-level security testing should be part of standard product security practices. To read the whitepaper, click here.

‘Internet of Things’ malware now survives a factory reset

PUBLIC DEFENDER By Brian Livingston Malware apps that infect “Internet of Things” devices (Wi-Fi routers, smart TVs, doorbell cameras, and the like) used to get erased whenever the gadget was unplugged, rebooted, or reset — but not anymore. Suddenly, state-sponsored hacker teams are now infecting IoT firmware with botnet apps that survive a loss of […]

The best and most secure Wi-Fi routers for 2026

PUBLIC DEFENDER By Brian Livingston There are about 21 billion Wi-Fi–enabled devices in the world, according to an IMARC Group estimate. That’s more than 2½ per person alive today. In the US, households with Internet access now have an average of 18 connected devices: Wi-Fi routers, smart TVs, remote-controlled cameras, even refrigerators that report when […]

IoT Botnet Linked to Large-scale DDoS Attacks Since the End of 2024

Since the end of 2024, we have been continuously monitoring large-scale DDoS attacks orchestrated by an IoT botnet exploiting vulnerable IoT devices such as wireless routers and IP cameras.

Internet of Things Exploration: 2016 Ford Flex

David Fletcher// My wife and I recently purchased a 2016 Ford Flex to replace an aging version of the same make and model that met an untimely fate. During the […]

The post Internet of Things Exploration: 2016 Ford Flex appeared first on Black Hills Information Security, Inc.

Lawrence’s List 061016

Lawrence Hoffman // It’s been one of those crazy busy weeks. I always feel like I didn’t get enough time to read articles, surf Reddit, and attempt to keep up […]

The post Lawrence’s List 061016 appeared first on Black Hills Information Security, Inc.

โŒ