PRESENTATION: How to fool an ADC, Part II… Attacks against Sigma-Delta Data Converters
PRESENTER(S): Alexander Bolshev, Security Consultant for IOActive
CONFERENCE:
LOCATION: Hotel NH Den Haag, The Hague, Netherlands
DATE & TIME: September 23, 2016 at 10:00 AM
We live in an analog world, but program and develop in digital systems. ADCs (analog-to-digital converters) are small integrated circuits (ICs) that transform physical variables (amperage or voltage) into bytes in order to connect the worlds of analog and digital. Those bytes are then interpreted by most modern systems to initiate an appropriate or desired action. Accurate interpretation of the data is therefore important, especially in critical embedded and industrial control systems (ICS), where a wrong interpretation could create unsafe or even catastrophic conditions.
Consider an ADC that monitors the state of an important analog process (e.g., an industrial controller sending analog signals to a motor to change its speed). The ADC could be inside a safety system that will shut down the motor if an incorrect signal value is received. But what if it were possible to generate an analog signal that will be intentionally misinterpreted by the safety system? For example, a signal could be supplied that causes vibration issues in the motor (i.e., that would eventually destroy it) but is interpreted as a correct signal (e.g., constant 5V) by the safety ADC.
In previous research we have proven this is possible (at least with successive approximation ADCs). This talk will focus on the features, “design vulnerabilities,” and attacks leading to misinterpretations of the analog signal for the most popular ADC in the industry: the sigma-delta. Various exploit signal variants and crafting methods will be shown, as well as an overview of how some of the popular “industry standard” ADCs behave under such attacks, and attack scenarios in the areas of ICS, embedded, and radio-frequency systems. The talk will conclude with possible consequences and mitigations.
About Alexander Bolshev
Alexander Bolshev is a Security Consultant for IOActive. He holds a Ph.D. in computer security and works as an assistant professor at Saint-Petersburg State Electrotechnical University. His research interests lie in distributed systems, as well as mobile, hardware, and industrial protocol security. He is the author of several whitepapers on topics of heuristic intrusion detection methods, Server Side Request Forgery attacks, OLAP systems, and ICS security. He is a frequent presenter at security conferences around the world, including Black Hat USA/EU/UK, ZeroNights, t2.fi, CONFIdence, and S4.
About hardwear.io
hardwear.io Security Conference is a platform for the hardware and security community where researchers showcase and discuss their innovative research on attacking and defending hardware. The objective of the conference revolves around four key concerns in hardware, firmware and related protocols: backdoors, exploits, trust, and attacks (BETA).
About IOActive
IOActive is the industry’s only research-driven, high-end information security services firm with a proven history of better securing our customers through real-world scenarios created by our security experts. Our world-renowned consulting and research teams deliver a portfolio of specialist security services ranging from penetration testing and application code assessment to chip reverse engineering across multiple industries. IOActive is the only security services firm that has a dedicated practice focusing on Smart Cities and the transportation and technology that connects them. Global 500 companies across every industry continue to trust IOActive with their most critical and sensitive security issues. Founded in 1998, IOActive is headquartered in Seattle, US, with global operations through the Americas, EMEA, and Asia Pac regions. Visit www.ioactive.com for more information. Follow IOActive on Twitter: http://twitter.com/ioactive.
###