May 10

Maximum Overdrive Redux?

Last night at SANS SecWest 2010 in San Diego I gave a presentation I’ve been working on called “Maximum Overdrive Redux”, looking at exploiting embedded and smart hardware systems.  We started off with the AC/DC Video from the 1986 Stephen King movie about how machines take over and start killing people, eventually manipulating them into human pawns.

Maximum Overdrive "Happy Toys" Truck

This movie was pretty bad, and Stephen King is even quoted as saying “I was coked out of my head” during direction.  As a result, it became a cult classic, and I thought it was a pretty good analogy for what we’re seeing with the increased reliance, interconnectivity, and physical-world access in embedded systems.

I made four critical points in the presentation:

  • Tools for exploiting embedded systems are available and getting better;
  • Embedded systems are becoming more interconnected;
  • Vendors are widely overlooking the security of embedded platforms;
  • Attackers can leverage flaws in embedded systems to exploit the physical world.

I backed up these points by looking at attacks against smart card parking meters, home area networks, Internet-connected vehicle control systems, Verizon MiFi devices, the SHODAN Computer Search Engine, NIBE Heat Pumps and more.  I’ve posted the slides in the Presentations section.

Comments, questions, concerns? Please drop me a note.  Thanks! -Josh

Jul 22

Webcast Tomorrow: Smart Grid and AMI Security Concerns

The characters, places and events described herein are entirely fictional, and any resemblance to individuals living or dead is purely coincidental, kthxbye.


Tomorrow at 1pm EST Matt Carpenter (InGuardians), Walt Sikura (Industrial Defender) and I are delivering a webcast titled “Smart Grid and AMI Security Concerns” where we talk about the security challenges of the smart grid, discussing tools and techniques through which an attacker could exploit the security of the smart grid.

I’m very fortunate to get the chance to present with both Matt and Walt on a topic which I find not only fascinating but of significant importance as we roll out more and more smart grid systems in North America and throughout the world. The webcast is hosted through WebEx and you can sign up at:

http://www.industrialdefender.com/news/webinar_smart_grid.php

We’re also planning to do this as a trilogy, where we’ll spend more time in later presentations digging deeper into attack methodologies and defense techniques, as well as what we are doing to exploit and secure smart grid components.

-Josh