Maximum Overdrive Redux?
Last night at SANS SecWest 2010 in San Diego I gave a presentation I've been working on called "Maximum Overdrive Redux", looking at exploiting embedded and smart hardware systems.Â We started off with the AC/DC Video from the 1986 Stephen King movie about how machines take over and start killing people, eventually manipulating them into human pawns.
This movie was pretty bad, and Stephen King is even quoted as saying "I was coked out of my head" during direction.Â As a result, it became a cult classic, and I thought it was a pretty good analogy for what we're seeing with the increased reliance, interconnectivity, and physical-world access in embedded systems.
I made four critical points in the presentation:
- Tools for exploiting embedded systems are available and getting better;
- Embedded systems are becoming more interconnected;
- Vendors are widely overlooking the security of embedded platforms;
- Attackers can leverage flaws in embedded systems to exploit the physical world.
I backed up these points by looking at attacks against smart card parking meters, home area networks, Internet-connected vehicle control systems, Verizon MiFi devices, the SHODAN Computer Search Engine, NIBE Heat Pumps and more.Â I've posted the slides in the PresentationsÂ section.
Comments, questions, concerns? Please drop me a note.Â Thanks! -Josh