Seattle, USA — October 24, 2014 – IOActive, Inc., the leading global provider of hardware, software, and wetware security services, announced today that Cesar Cerrudo, Chief Technology Officer for IOActive Labs, and Chris Valasek, Director of Vehicle Security Research for IOActive, will present their ground-breaking research at the ekoparty Security Conference.
|CONFERENCE:||ekoparty Security Conference|
|LOCATION:||Buenos Aires, Argentina|
|DATE & TIME:||October 29–31, 2014|
Cesar Cerrudo, Chief Technology Officer for IOActive Labs Hacking US (and UK, Australia, France, etc.) Traffic Control Systems
Date & Time: Thursday October 30, 2014 at 09:30 AM
Cesar recently conducted research involving devices used by traffic control systems in important cities around the world, including the US, UK, France, Australia, and China. The end result, Cesar was able to hack into and exploit these devices.
In this presentation, Cesar will tell the whole story: how the devices were acquired, the research and onsite tests he conducted, the vulnerabilities he discovered, and how they can be exploited. Cesar will conclude his presentation with demonstrations of cyberwar-style attacks against the vulnerable devices.
Chris Valasek, Director of Vehicle Security Research
Remote Automotive Attack Surfaces
Date & Time: Friday October 31, 2014 at 19:20 PM
Automotive security concerns have gone from the fringe to the mainstream as researchers have demonstrated modern vehicles’ susceptibility to local and remote attacks. A malicious attacker could exploit remote vulnerabilities to execute a wide range of remote attacks, from enabling a microphone and eavesdropping to turning the steering wheel to disabling the brakes.
Each manufacturer designs its fleets differently; therefore, remote threat analysis must avoid generalities. Unfortunately, research has only been presented on three or four particular vehicles. In his talk, Chris takes a step back and examines the automotive networks of a large number of manufacturers from a security perspective. Using this larger dataset Chris begins to answer questions like: Are some cars more secure from remote compromise than others? Has automotive network security changed for the better (or worse) in the last five years? What does the future of automotive security hold? How can we protect our vehicles from attack moving forward?
About Cesar Cerrudo
Cesar Cerrudo is CTO for IOActive Labs, where he leads the team in producing ongoing, cutting-edge research in the areas of SCADA, mobile device, application security, and more. Formerly the founder and CEO of Argeniss Consulting – which was acquired by IOActive – Cesar is a world-renowned security researcher and specialist in application security.
Throughout his career, Cesar is credited with discovering and helping to eliminate dozens of vulnerabilities in leading applications including Microsoft SQL Server, Oracle database server, IBM DB2, Microsoft Windows, Yahoo! Messenger, and Twitter. He has a record of finding more than 50 vulnerabilities in Microsoft products and more than 20 in Microsoft Windows operating systems. Cesar has authored several white papers on database and application security as well as attacks and exploitation techniques based on his unique research. He has been invited to present at a variety of companies and conferences including Microsoft, Black Hat, Bellua, CanSecWest, EuSecWest, WebSec, HITB, Microsoft BlueHat, EkoParty, FRHACK, H2HC, Infiltrate, BlueHat, 8.8, Hackito Ergo Sum, NcN, and Defcon. Cesar collaborates with, and is regularly quoted in, print and online publications.
About Chris Valasek
Chris Valasek serves as the Director of Vehicle Security Research for IOActive where he is responsible for investigating current attack methodologies and trends. He also leads a variety of research and development projects.
Chris specializes in offensive research methodologies with a focus on reverse engineering and exploitation. Known for his extensive research in the automotive field, Chris was one of the first researchers to publicly discuss automotive security issues in detail. His release of code, data, and tools allowing vehicles to be physically controlled through the CAN bus garnered worldwide media attention.
Chris is also known for his exploitation and reverse engineering of Windows. As a Windows heap subject matter expert, Chris has been quoted in several technology publications and has given presentations on the subject at a number of conferences. He is also the Chairman of SummerCon, the nation’s oldest hacker conference.
Prior to working at IOActive, Chris served as Senior Security Research Scientist at Coverity, a leading development testing company based in San Francisco. At Coverity, Valasek served as General Security Council to the organization and led the C/C++ security initiative for the research laboratory. Chris also served as Senior Security Research Scientist at Accuvant, where he was a key member of the Labs Group and focused on binary analysis, exploitation techniques, consulting services, and long-term research projects.
The essence of ekoparty is simple and comprehensive: It is an international conference with speakers from Latin America and over the world. With an excellent variety of topics, discussions, and direct participation, ekoparty demonstrates cutting-edge security research and development. The post-conference activities add an extra value to this event. All participants are invited to interact on a personal level in Lockpicking challenges or a Wardriving tour around the city in private transportation.
ekoparty Security Conference allows consultants, security officers, researchers, developers, technicians, system administrators, nerds, geeks, and technology enthusiasts to meet and enjoy the most important security discoveries.
IOActive is a comprehensive, high-end information security services firm with a long and established track record in delivering elite security services to its customers. Our world-renowned consulting and research teams deliver a portfolio of specialist security services ranging from penetration testing and application code assessment to chip reverse engineering. Global 500 companies across every industry continue to trust IOActive with their most critical and sensitive security issues. Founded in 1998, IOActive is headquartered in Seattle, USA, with global operations through the Americas, EMEA, and Asia Pac regions. Visit www.ioactive.com for more information. Follow IOActive on Twitter: http://twitter.com/ioactive.