
McAfee: Hacking iParcelBox

From the very start of our journey to create iParcelBox, we’ve been on a mission to achieve the very highest possible standards in data security.

Earlier this year, we contacted McAfee’s Advanced Threat Research team in Oregon, USA, to ask whether they would be interested in testing iParcelBox for security vulnerabilities, and they agreed!

As well as being a household name in anti-virus software, McAfee.com are world leaders in cyber-security and threat research, finding and reporting vulnerabilities in popular hardware and software.

We’re really proud to confirm that we received an excellent report:

“Props to the team at iParcelBox for their focus on security throughout the development of this product. We want to take a moment to recognize the level of effort put into both physical and digital security.

iParcelBox implemented numerous security concepts that are uncommon for IoT (Internet of Things) devices and significantly raise the bar for attackers. We applaud the company for being proactive in their security efforts.

The internals of the system were well-designed from a security perspective, utilizing concepts like SSL for encryption, disabling hardware debugging, and performing proper authentication checks.

It is easy to see … that the developers have been trying to make this device secure from the start and have done it well.

There are not many attack surfaces that an attacker could leverage from the device and is a great refreshment to see IoT devices heading this direction.”

The research team did identify two potential vulnerabilities, which they flagged to us straight away. One involved a password which was mistakenly shared on an online tech forum. The other involved a server permission misconfiguration which allowed the researcher to query the information about an iParcelBox device and to become the primary owner.

Both issues were simple configuration errors, which allowed us to immediately fix them remotely, and again we received credit from McAfee for our responsiveness:

“[This] was patched within 12 hours after our vendor disclosure, which puts iParcelBox in the top response time for a patch that we have ever seen.

It’s much easier to fix issues like leaked passwords or basic configuration issues than to rebuild hardware or reprogram software to bolt on security after the fact. This may be why the company was able to fix both issues almost immediately after we informed them in March of 2020.

We have tested the patch and can no longer control other devices or use the old admin password to access the devices.”

Screenshot of McAfee ATR Blog

This research by McAfee confirms that our relentless focus on device security has resulted in iParcelBox being one of the most secure IoT devices available on the market.

“iParcelBox delivers an innovative and highly secure smart parcel delivery solution for consumers and business alike,” said Paul Needler, CEO at iParcelBox. “In a time when hacks and breaches are reported almost daily, it was really important to us that we addressed potential security vulnerabilities head-on. That’s why we jumped at the opportunity to work closely with the experts at McAfee Advanced Threat Research (ATR) to take the security of iParcelBox to a new level. It’s comforting for us to know that we were able to rapidly address the findings they uncovered, mitigating any potential attacks and reinforcing the trust and confidence of our customers along the way.”

A full copy of the McAfee report is available from their website here.

My thanks to the team at McAfee, particularly Sam Quinn and Steve Povolny, for their collaborative approach and helpful attitude throughout their research.
