| PRESENTER: | Eireann Leverett, Senior Security Consultant for IOActive |
| PRESENTATION: | Vulnerability Inheritance in Programmable Logic Controllers |
| CONFERENCE: | GreHack 2013 |
| LOCATION: | Amphi Vaujany Grenoble, France |
| DATE & TIME: | Friday November 15, 2013 at 12:35pm |
| INFO: | http://grehack.org/en/ |
Eireann Leverett will deliver an academic paper that illustrates how over 200 types of PLCs and EWSs share a common runtime library. This commonality makes them susceptible to authentication bypass vulnerabilities discovered by Reid Wightman, Senior Security Consultant at IOActive, over a year ago. Using this flaw, an unauthenticated attacker could upload ladder logic to the PLCs or halt programs that were running. Eireann and Reid scanned the Internet to see just how many are vulnerable and then shared the data with 30 countries. The paper Eireann is presenting provides a detailed description of the problem, and the number and distribution of vulnerable devices they found exposed to the internet a year after the vulnerability was announced.
About Eireann Leverett
Eireann Leverett is a Senior Security Consultant at IOActive where he focuses on Smart Grid and SCADA systems. He studied artificial intelligence (AI) and software engineering at Edinburgh University and went on to get his Masters in Advanced Computer Science at Cambridge. He studied under Frank Stajano and Jon Crowcroft in the Cambridge computer security group. He worked for GE Energy for five years as well as a six-month engagement with ABB in their corporate research department.
About GREhack
The 2nd International Symposium on Research in Grey-Hat Hacking – aka GreHack – will be held in Grenoble, France on November 15, 2013. It will gather researchers and practitioners from academia, industry, and government to discuss new advances in research related to any area of computer and information security.
About IOActive
IOActive is a comprehensive, high-end information security services firm with a long and established pedigree in delivering elite security services to its customers. Our world-renowned consulting and research teams deliver a portfolio of specialist security services ranging from penetration testing and application code assessment through to semiconductor reverse engineering. Global 500 companies across every industry continue to trust IOActive with their most critical and sensitive security issues. Founded in 1998, IOActive is headquartered in Seattle, USA, with global operations through the Americas, EMEA and Asia Pac regions. Visit www.ioactive.com for more information.
-###-