{{Short description|American computer security company}}

{{Infobox company | name = IOActive, Inc. | logo = IOActive Logo.png | type = | industry = Computer Security | fate = | predecessor = <!-- or: | predecessors = --> | successor = <!-- or: | successors = --> | founded = 1998 | founder = <!-- or: | founders = --> | defunct = <!-- {{End date|YYYY|MM|DD}} --> | hq_location_city = Seattle | hq_location_country = United States | area_served = Worldwide | key_people = Jennifer Sunshine Steffens<ref name="aboutself">{{Cite web |title=TEAM – IOActive |url=https://ioactive.com/team/ |access-date=2023-07-14 |language=en-US}}</ref> | products = | owner = <!-- or: | owners = --> | num_employees = | num_employees_year = <!-- Year of num_employees data (if known) --> | parent = | website = https://ioactive.com }}

IOActive is a cybersecurity consulting firm that provides security research and testing services. <ref name="who">{{cite web |title=Who We Are |url=https://www.ioactive.com/who-we-are/ |website=IOActive |access-date=2026-04-19}}</ref> The company was founded in 1998 by Joshua J. Pennell in Seattle, Washington. <ref name="independent">{{cite news |title=Jennifer Steffens: cybersecurity and the rise of smart device hacking |url=https://www.the-independent.com/news/business/analysis-and-features/jennifer-steffens-ioactive-cyberattack-security-siri-alexa-hackers-a8461551.html |work=The Independent |access-date=2026-04-19}}</ref> It originated from an ethical hacking group that participated in the DEF CONCapture the Flag” competition. <ref name="independent" /> The organization later transitioned to providing security services to private sector clients, leading to the formation of IOActive.<ref name="independent" />

IOActive expanded beyond its original Seattle base to establish offices and research facilities in North America, Europe, and the Middle East.<ref name="contact">{{cite web |title=Contact |url=https://www.ioactive.com/contact/ |website=IOActive |access-date=2026-04-19}}</ref> The company has reported operations in more than 30 countries, with offices including Seattle, Atlanta, London, Madrid, and Dubai. <ref name="who" />

In 2008, Jennifer Sunshine Steffens joined IOActive and was appointed chief executive officer later that year.<ref name="independent" /> IOActive is a privately held company and has conducted research on security vulnerabilities in areas including industrial control systems, transportation technologies, and hardware devices.<ref name="who" />

== Research and publications ==

IOActive conducts security research focused on identifying vulnerabilities in hardware, software, and connected systems.<ref name="who" /> The company maintains research facilities, including hardware and embedded systems laboratories, to support technical analysis of security issues.<ref>{{cite web |title=Contact |url=https://www.ioactive.com/contact/ |website=IOActive |access-date=2026-04-19}}</ref> Its research has examined topics including industrial control systems, transportation technologies, semiconductor security, and emerging computing platforms.<ref name="who" />

IOActive publishes its findings through technical reports, white papers, blog posts, and conference presentations. The company’s research publications have addressed topics such as artificial intelligence security,<ref>{{cite web |title=The Security Imperative in Artificial Intelligence |url=https://www.ioactive.com/the-security-imperative-in-artificial-intelligence/ |website=IOActive |access-date=2026-04-19}}</ref> hardware fault injection, and secure boot mechanisms.<ref>{{cite web |title=Research |url=https://www.ioactive.com/resources/research/ |website=IOActive |access-date=2026-04-19}}</ref> Research is often disclosed following coordination with affected vendors, and the company publishes advisories related to identified vulnerabilities.<ref name="who" />

Notable publications by IOActive researchers include analyses of automotive cybersecurity risks,<ref>{{cite web |title=Commonalities in Vehicle Vulnerabilities (2022 Update) |url=https://www.ioactive.com/ioactive-commonalities-vehicle-vulnerabilities-22update/ |website=IOActive |access-date=2026-04-19}}</ref> hardware and semiconductor attack techniques,<ref>{{cite web |title=IOActive Silicon Security Services |url=https://www.ioactive.com/ioactive-silicon-security-services/ |website=IOActive |access-date=2026-04-19}}</ref> avionics systems,<ref>{{cite web |title=Reverse Engineering of Certified Avionics: Collins Pro Line Fusion |url=https://www.ioactive.com/reverse-engineering-certified-avionics-collins-pro-line-fusion/ |website=IOActive |access-date=2026-04-19}}</ref> satellite communications security,<ref>{{cite web |title=Cyberattacks on SATCOM: Understanding the New Risks |url=https://www.ioactive.com/cyberattacks-on-satcom-understanding-the-new-risks/ |website=IOActive |access-date=2026-04-19}}</ref> and biometric authentication technologies.<ref>{{cite web |title=Facial Recognition Security Research |url=https://www.ioactive.com/wp-content/uploads/2025/05/IOA-wp-FacialRecognition-v1.pdf |website=IOActive |access-date=2026-04-19}}</ref> These publications have been presented at industry conferences including Black Hat, DEF CON, and the RSA Conference.<ref name="who" />

== Notable research and impact ==

IOActive researchers have contributed to several publicly reported security demonstrations and vulnerability disclosures across multiple industries. In 2010, researcher Barnaby Jack demonstrated an attack on automated teller machines (ATMs) that allowed remote manipulation of cash dispensing.<ref name="independent" />

In 2012, IOActive researchers identified vulnerabilities in certain wireless-enabled medical devices, including implantable cardiac devices, that could be accessed using radio-frequency communication under specific conditions.<ref name="independent" />

IOActive has also conducted research on industrial control systems and smart infrastructure, including studies of smart meters and urban traffic systems that identified vulnerabilities related to unencrypted communications.<ref name="who" />

In 2015, researchers associated with IOActive participated in a widely reported demonstration of remote exploitation of a Jeep Cherokee, showing that vulnerabilities in connected vehicle systems could allow control of certain vehicle functions.<ref>{{cite news |last=Greenberg |first=Andy |title=Hackers Remotely Kill a Jeep on the Highway—With Me in It |url=https://www.wired.com/2015/07/hackers-remotely-kill-jeep-highway/ |work=Wired |date=2015-07-21 |access-date=2026-04-19}}</ref>

IOActive researchers have also published analyses of aviation and satellite communication systems, including potential attack paths within aircraft networks and vulnerabilities in satellite communication terminals.<ref>{{cite web |title=Cyberattacks on SATCOM: Understanding the New Risks |url=https://www.ioactive.com/cyberattacks-on-satcom-understanding-the-new-risks/ |website=IOActive |access-date=2026-04-19}}</ref>

Additional research has examined vulnerabilities in hardware and embedded systems, including automated card shuffling devices used in casinos.<ref name="shuffler">{{cite web |title=Shuffle Up and Deal: Analyzing the Security of Automated Card Shufflers |url=https://www.ioactive.com/shuffle-up-and-deal-analyzing-the-security-of-automated-card-shufflers-joseph-tartaro-enrique-nissim-ethan-shackelford/ |website=IOActive |access-date=2026-04-19}}</ref><ref>{{cite news |last=Greenberg |first=Andy |title=Researchers Show How to Hack a Casino’s Automated Card Shuffler |url=https://www.wired.com/story/card-shuffler-hack/ |work=Wired |access-date=2026-04-19}}</ref>

In several cases, disclosures by IOActive researchers have been followed by vendor patches, regulatory attention, or changes in industry security practices.<ref name="who" />

== Global presence ==

IOActive operates offices and research facilities in North America, Europe, and the Middle East.<ref name="contact" /> Its listed locations include Seattle, Atlanta, London, Madrid, and Dubai.<ref name="contact" />

The company’s Seattle location includes a hardware laboratory, and IOActive has also described research facilities associated with embedded device and silicon security work in Seattle and Madrid.<ref name="contact" /><ref name="who" /> IOActive has reported operations in more than 30 countries.<ref name="who" />

== Leadership and notable personnel ==

IOActive is led by chief executive officer Jennifer Sunshine Steffens, who joined the company in 2008 and was promoted to CEO later that year.<ref name="independent" /><ref name="infosecurity-steffens">{{cite news |title=Interview: Jennifer Steffens, CEO of IOActive |url=https://www.infosecurity-magazine.com/magazine-features/prm/interview-jennifer-steffens-ceo-of/ |work=Infosecurity Magazine |date=2016-12-28 |access-date=2026-05-05}}</ref>

Notable current and former personnel have included researchers working in hardware security, industrial control systems, transportation systems, embedded systems, and medical device security. Former IOActive researcher Barnaby Jack was known for public demonstrations involving automated teller machine vulnerabilities and research into wireless-enabled medical devices.<ref name="reuters-jack">{{cite news |last=Finkle |first=Jim |title=Famed hacker Barnaby Jack dies a week before hacking convention |url=https://www.reuters.com/article/technology/famed-hacker-barnaby-jack-dies-a-week-before-hacking-convention-idUSBRE96P0K2/ |work=Reuters |date=2013-07-26 |access-date=2026-05-05}}</ref><ref name="forbes-jack">{{cite news |last=Greenberg |first=Andy |title=Meet the hacker who can break into ATMs and pacemakers |url=https://www.forbes.com/sites/andygreenberg/2012/07/26/meet-the-hacker-who-can-break-into-atms-and-pacemakers/ |work=Forbes |date=2012-07-26 |access-date=2026-05-05}}</ref>

Other IOActive researchers have been associated with work on smart city infrastructure and satellite communications security, including Cesar Cerrudo and Ruben Santamarta.<ref name="securityweek-smartcities">{{cite news |last=Kovacs |first=Eduard |title=New Global Initiative Aims at Securing Smart Cities |url=https://www.securityweek.com/new-global-initiative-aims-securing-smart-cities/ |work=SecurityWeek |date=2015-05-27 |access-date=2026-05-05}}</ref><ref name="axios-satcom">{{cite news |title=Security flaws let hackers hit in-flight and at sea WiFi |url=https://www.axios.com/2018/08/08/security-flaws-satcom-satellite-airplanes-wifi-hacking |work=Axios |date=2018-08-08 |access-date=2026-05-05}}</ref>

IOActive researchers have presented findings at security conferences including Black Hat, DEF CON, and the RSA Conference.<ref name="who" />

== Certifications and affiliations ==

IOActive has held accreditation from CREST for penetration testing services.<ref name="crest-ioa">{{cite web |title=IOActive Awarded CREST Accreditation for its Penetration Testing Services |url=https://www.ioactive.com/article/ioactive-awarded-crest-accreditation-for-its-leading-penetration-testing-services/ |website=IOActive |date=2018-09-11 |access-date=2026-05-05}}</ref><ref name="crest-marketplace">{{cite web |title=IOActive, Inc Services |url=https://www.crest-approved.org/service/ioactive-inc/ |website=CREST |access-date=2026-05-05}}</ref> CREST is an international not-for-profit accreditation and certification body for the technical cybersecurity industry.<ref name="crest-about">{{cite web |title=Cyber Security Services, Accreditations & Training |url=https://www.crest-approved.org/ |website=CREST |access-date=2026-05-05}}</ref>

IOActive has also participated in initiatives related to public infrastructure and smart city security. In 2015, IOActive was listed among the companies and organizations involved in the launch of Securing Smart Cities, a non-profit initiative focused on cybersecurity issues affecting connected urban systems.<ref name="securityweek-smartcities" /><ref name="kaspersky-smartcities">{{cite web |title=Securing Smart Cities: Leading Security Experts Join Forces to Make Modern Cities Safer |url=https://www.kaspersky.es/about/press-releases/securing-smart-cities-leading-security-experts-join-forces-to-make-modern-cities-safernew-component |website=Kaspersky |date=2015-05-27 |access-date=2026-05-05}}</ref>

==References== {{Reflist}}

Category:Computer security companies