IOActive Announces IOAsis Security Talks at Black Hat USA 2017
Security Researchers to Discuss the Current State of Security for Automobile Logging Devices, IoT, Industrial Control Systems (ICS) and more
July 13, 2017 --
SEATTLE, July 13, 2017 /PRNewswire/ -- IOActive, Inc., the worldwide leader in research-driven security services, has announced the speaker lineup and location of its annual IOAsis Las Vegas event, this year held in partnership with Black Hat USA 2017.
"Our Las Vegas IOAsis event presents a tremendous opportunity to share and collaborate with our security industry peers and community," said Jennifer Steffens, CEO of IOActive. "We are excited to offer a fantastic line-up of security talks covering a variety of interesting topics and new research. IOActive subject matter experts will be on hand during our program and throughout the week to discuss security techniques and trends from the hacker's perspective, which is at the heart of our client services."
The IOAsis Las Vegas 2017 schedule includes:
Wednesday, July 26
10:00 a.m. Doors Open
10:20 a.m. - 11:10 a.m. Security Talk
Heavy Trucks and Electronic Logging Devices: What Could Go Wrong?
Presented by: Corey Thuen, Senior Security Consultant for IOActive
Each day, the U.S. transportation system moves 55 million tons of freight valued at $49.3 billion. As part of the effort to monitor, maintain, and automate this part of our critical infrastructure, federal mandates require Electronic Logging Devices (ELD) in heavy trucks. The ELD mandate significantly increases the attack surface of these insecure heavy vehicles.
This talk shares vulnerability assessment research we conducted against five different ELDs that were available over the counter at big box distributors. What we found could allow an attacker to pivot through the device and into the vehicle where the consequences could be disastrous.
11:30 a.m. - 12:20 p.m. Security Talk
The Under-Engineered Hack: Why Most Attacks on ICS Fail, and How to Get It Right
Presented by: Bryan Singer, Director, Industrial Cybersecurity Services for IOActive
Attackers continue to target critical infrastructure with the intent of disrupting operations and causing physical damage. However, even as ICS attacks increase, many engineers still dismiss ICS threats because critical infrastructure systems rely on engineered layers of protection. Unfortunately, these protections are designed with an engineering mindset, not a cybersecurity mindset, leaving the systems vulnerable to cyberattack.
Bryan Singer will present an emerging model that demonstrates how engineering and cybersecurity attacks can successfully manipulate, compromise, and damage infrastructure. Practical advice and actionable steps to address ICS vulnerabilities, detect intrusions early, and create more resilient systems will also be provided.
1:50 p.m. - 2:40 p.m. Security Talk
IOActive Labs: Breaking Embedded Devices
Presented by: Thomas Kilbride, Embedded Security Consultant for IOActive, Joshua Hammond, Senior Security Consultant for IOActive, and Dan Schaffner, Director of Services for IOActive
See discreet examples of recent research and learn more about IOActive's lab facilities.
ATM Security: Challenge Accepted
IOActive researchers acquired and reverse engineered an ATM whose manufacturer claimed a vulnerability would not allow an attacker to dispense bills. Find out what happened next.
Breaking a Popular Motorized Scooter
IOActive researchers uncovered critical vulnerabilities in a line of scooters. Using reverse engineering and forensic techniques, the team determined that an attacker could bypass the scooter's safety system remotely. We will share the process the team followed to discover these flaws, as well as details of the exploit.
3:00 p.m. - 3:50 p.m. Security Talk
Using the iSCSI Protocol to Harvest Unprotected Hard Drives
Presented by: Lucas Lundgren, Senior Security Consultant, IOActive
Our recent Shodan scan found 100,000 hard drives available for the taking. We found warez, passports (yes!), highly confidential documentation, server disks with web applications, company backups, and financial records. What is this magic? It's iSCSI, SCSI emulation over the internet. Like the world isn't already a bad place.
6:00 p.m. 9:00 p.m.
IOAsis Happy Hour, featuring Jason Whitmore, DJ ALLY & DJ F3R
Thursday, July 27th
10:00 a.m. 6:00 p.m.
IOActive IOAsis Food, beverages, massages, networking and more all day long.
IOAsis is located inside Black Hat (Mandalay Bay, 3950 S Las Vegas Blvd, Las Vegas, NV 89119 in Palm B Room, 3rd Level). Click here to register for IOActive's IOAsis Las Vegas 2017.
IOActive is the industry's only research-driven, high-end information security services firm with a proven history of better securing our customers through real-world scenarios created by our security experts. Our world-renowned consulting and research teams deliver a portfolio of specialist security services ranging from penetration testing and application code assessment to chip reverse engineering across multiple industries. IOActive is the only security services firm that has a dedicated practice focusing on Smart Cities and the transportation and technology that connects them. Global 500 companies across every industry continue to trust IOActive with their most critical and sensitive security issues. Founded in 1998, IOActive is headquartered in Seattle, US, with global operations through the Americas, EMEA, and Asia Pac regions. Visit www.ioactive.com for more information. Read the IOActive Labs Research Blog: http://blog.ioactive.com. Follow IOActive on Twitter: http://twitter.com/ioactive.
Copyright 2014 PR Newswire. All Rights Reserved