PRESENTATION: Never Trust Your Inputs: Causing ‘Catastrophic Physical Consequences’ from the Sensor (or How to Fool ADC)
PRESENTER(S): Alexander Bolshev, Security Consultant for IOActive, and Marina Krotofil, Security Researcher at the Honeywell Cyber Security Lab
CONFERENCE: Black Hat Asia 2016
LOCATION: Marina Bay Sands, Singapore
DATE & TIME: April 1, 2016 at 11:45 AM
Our world is analog. Computers are digital. When a microcontroller in an Industrial Control System (ICS) or embedded system acquires data from the physical world, it uses analog-to-digital converters (ADC) to transform amperage or voltage into a useful unit of measurement.
In this talk, Alexander and Marina discuss the rarely addressed topic of analog signal processing security. Tampering with frequency and phase can cause an ADC to output spurious digital signals; modifying the ranges can cause integer overflow and trigger logic vulnerabilities in the PLC or embedded software. They analyze several ADC attack vectors, signal scaling misconfiguration, and every other design detail that would allow an attacker to fool an ADC and the systems depending on its output signal. Alexander and Marina will demonstrate how vulnerabilities can be exploited in software and conclude with the potential consequences of attacks that can exploit physical processes.
About Alexander Bolshev
Alexander Bolshev is a Security Consultant for IOActive. He holds a Ph.D. in computer security and also works as an assistant professor at Saint-Petersburg State Electrotechnical University. His research interests lie in distributed systems, mobile, hardware and industrial protocols security. He is the author of several whitepapers on topics of heuristic intrusion detection methods, Server Side Request Forgery attacks, OLAP systems and ICS security. He is a frequent presenter at security conferences around the world, including Black Hat USA/EU/UK, ZeroNights, t2.fi, CONFIdence, and S4.
About Marina Krotofil
Marina Krotofil is a Security Researcher at the Honeywell Cyber Security Lab. Previously she worked as a Senior Security Consultant at the European Network for Cyber Security. She completed doctoral degree research in ICS security at Hamburg University of Technology, Germany. Her research over the last few years has been focused on the design and implementation of practical cyber-physical attacks and the design of process-aware defensive solutions and risk assessment approaches. Marina has authored more than a dozen papers on cyber-physical security. She gives workshops on cyber-physical exploitation and is a frequent speaker at leading security events globally. She holds an MBA in Technology Management, MSc in Telecommunication and MSc in Information and Communication Systems.
About Black Hat Asia 2016
Black Hat is returning to Asia again in 2016, and we have quite an event in store. Here the brightest professionals and researchers in the industry will come together for a total of four days: two days of deeply technical hands-on Trainings, followed by two days of the latest research and vulnerability disclosures at our Briefings.
About IOActive
IOActive is the industry’s only research-driven, high-end information security services firm with a proven history of better securing our customers through real-world scenarios created by our security experts. Our world-renowned consulting and research teams deliver a portfolio of specialist security services ranging from penetration testing and application code assessment to chip reverse engineering across multiple industries. IOActive is the only security services firm that has a dedicated practice focusing on Smart Cities and the transportation and technology that connects them. Global 500 companies across every industry continue to trust IOActive with their most critical and sensitive security issues. Founded in 1998, IOActive is headquartered in Seattle, US, with global operations through the Americas, EMEA, and Asia Pac regions. Visit www.ioactive.com for more information. Follow IOActive on Twitter: http://twitter.com/ioactive.
###