Company exemplifies thought leadership with original research and training at world’s prestigious security conferences
Seattle, USA ― July 24, 2013 ― IOActive, Inc., the leading global provider of specialist information security services, today announced that five of its top security researchers and consultants have been selected to present their ground-breaking research and training at the annual Black Hat and DEF CON security conferences at the end of July in Las Vegas.
IOActive continues to build upon a decade of delivering industry-defining security research at Black Hat and DEF CON, with previous talks including RFID access control limitations, critical flaws in global DNS infrastructure, Smart Meter worms, jackpotting ATMs, and breaking semiconductors.
This year sees the team presenting on vulnerabilities in automobiles, medical devices, and wireless devices for industrial automation and control systems (IACS). Training sessions in the latest Red Team Testing techniques will also be given to attendees.
News Facts:
- Here is an overview of IOActive’s presentations, training and arsenal session at Black Hat:
  - “Implantable Medical Devices: Hacking Humans”
    By Barnaby Jack, director of embedded device security
    August 1, 2013 at 14:15
    This talk will focus on the security of wireless implantable medical devices. Barnaby will discuss how these devices operate and communicate and the security shortcomings of the current protocols. IOActive’s internal research software, which uses a common bedside transmitter to scan for and interrogate individual medical implants, will be revealed. Barnaby will also provide ideas manufacturers can implement to improve the security of these devices.
  - “Compromising Industrial Facilities From 40 Miles Away”
    By Lucas Apa, security researcher and Carlos Mario Penagos, security researcher
    August 1, 2013 at 15:30
    In this presentation, Lucas and Carlos will review the most commonly implemented key distribution schemes, their weaknesses, and how vendors can more effectively align their designs with key distribution solutions. They will also demonstrate some attacks that exploit key distribution vulnerabilities, which they recently discovered in every wireless device developed over the past few years by three leading industrial wireless automation solution providers. These devices are widely used by many energy, oil, water, nuclear, natural gas, and refined petroleum companies. To see a video of Lucas and Carlos introducing their presentation for Black Hat, please click here.
  - “Red Team Training”
    By Iftach Ian Amit, director of services
    July 27-28 and July 29-30, 2013
    In this training, Ian will teach attendees how Red Team (or full scope) testing works and how to create a methodology for using a red team engagement as a repeatable test with metrics and actionable results. He will cover all elements of a red team test, from planning and scoping, intelligence gathering, target selection, vulnerability analysis, risk analysis, exploitation and execution, resource usage and ad-hoc agent deployment, post-exploitation, documentation and recording of evidence, damage analysis, and final reporting.
- Here is an overview of IOActive’s presentation at DEF CON 21:
  - “Adventures in Automotive Networks and Control Units”
    By Chris Valasek, director of security intelligence for IOActive and Charlie Miller, security engineer for Twitter
    August 2, 2013 at 10:00
    Automotive computers, or Electronic Control Units (ECU), were originally introduced to help with fuel efficiency and emissions problems of the 1970s but evolved into integral parts of in-car entertainment, safety controls, and enhanced automotive functionality. This presentation will examine some controls in two modern automobiles from a security researcher’s point of view. Chris and Charlie will first cover the requisite tools and software needed to analyse a Controller Area Network (CAN) bus. Secondly, they will demo software to show how data can be read from and written to the CAN bus. They will then show how certain proprietary messages can be replayed by a device that is hooked up to an OBD-II connection to perform critical car functionality, such as braking and steering. Finally, they will discuss aspects of reading and modifying the firmware of ECUs installed in today’s modern automobiles.
- Black Hat takes place from July 27 – August 2, 2013 at Caesars Palace in Las Vegas, Nevada.
- DEF CON takes place from August 1-4 at the Rio Hotel in Las Vegas, Nevada.
- Next week IOActive will be hosting its annual IOAsis tradeshow sanctuary in the Emperors Suite of Caesars Palace in Las Vegas from 31 July – 1 August. The company will have Q&A sessions with all our speakers along with other key research team members, including Chris Tarnovsky, who will be on hand to discuss topics such as chip assessments, mobile security, cloud forensics, and more.
- IOActive recently opened a new office in South Africa to meet the increasing demand for locally delivered security services from Global 500 customers with operations in Africa.
Supporting Quotes
- Jennifer Steffens, chief executive officer for IOActive
  “Research into medical device security has emerged as a top priority at IOActive because of its direct criticality to life and death relative to other applications, systems and devices we’re focused on improving. In addition to my vested personal interest in building better life-saving and sustaining cardiac technology, due to my family’s experiences, the technical evolution of these devices has substantially broadened their threat spectrum. Barnaby’s breaking and continued research is already helping the medical device industry better appreciate the new risks and importance of building heightened security measures into the core architecture of these devices that will keep pace – nothing we do could be more important.”
- Jennifer Steffens, chief executive officer for IOActive
  “Today more vehicles are embedding fully functional computer systems to control critical functionality such as steering, braking, and acceleration. Chris and Charlie’s cutting-edge research on these systems will re-invent the way automobiles of the present and future are secured and protected from those who will exploit this new technology infusion to compromise the vehicles we depend on every day.”
- Jennifer Steffens, chief executive officer for IOActive
  “Because IOActive has one of the largest professional teams of researchers working with ICS-CERT we’re consistently able to uncover new sources of risk. One of our latest works presented by Lucas and Carlos highlights a new threat faced by industrial companies worldwide and demonstrates the need for new security measures in next generations of their mission critical technology. This is yet another example of our research team’s focus on identifying, vetting and remediating vulnerabilities in technologies that have potentially massive economic and sociological impacts when compromised.”
Supporting Resources
IOActive: http://www.ioactive.com/
Twitter: https://twitter.com/IOActive
LinkedIn: http://www.linkedin.com/company/ioactive-inc
Facebook: https://www.facebook.com/IOActive
About IOActive
IOActive is a comprehensive, high-end information security services firm with a long and established pedigree in delivering elite security services to its customers. Our world-renowned consulting and research teams deliver a portfolio of specialist security services ranging from penetration testing and application code assessment through to semiconductor reverse engineering. Global 500 companies across every industry continue to trust IOActive with their most critical and sensitive security issues. Founded in 1998, IOActive is headquartered in Seattle, USA, with operations in North and South America, and Europe. Visit www.ioactive.com for more information.
-###-