PRESENTATION: Controlling Without Modifying: The Stale Data Problem
PRESENTER(S): Jason Larsen, Principal Security Consultant for IOActive
CONFERENCE: S4x16
LOCATION: Jackie Gleason Theater, Miami Beach, Miami, US
DATE & TIME: January 12, 2016 at 15:00PM
While the concept of stale data attacks has been presented before, the mechanics still aren’t widely understood. In this presentation, Jason Larsen will compromise an industrial switch, giving himself access to the associated network and systems, by manipulating the timing of encrypted packets flowing between two devices to take advantage of the difference between the physical and logical state of the process. Demonstrating a full working exploit chain, Jason will provide the audience with a vivid and deeper understanding of the threat stale data presents.
Not all pieces of a process operate in lock step with each other. Data often arrives at irregular intervals. This is most noticeable in protocols that support report-by-exception, where the data is only updated when there is a significant change in the measurement. It is not uncommon to find a part of the process that will continue doing what it was already doing in the absence of new data. So if an attacker manipulates not the data, but when the data arrives, the process can often be driven to an arbitrary state within its normal bounds.
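From the defender's side, the timing dependence described above can be checked at the receiver. The following is an added example, not code from the talk or from IOActive. It assumes each report carries a source timestamp inside the authenticated payload, that sender and receiver clocks are synchronized, and that senders emit a periodic heartbeat report even when the value has not changed; the tag names, thresholds and sample reports are constructed.

```python
from dataclasses import dataclass

@dataclass
class Report:
    tag: str
    value: float
    sent_at: float     # source timestamp carried inside the authenticated message
    arrived_at: float  # receiver clock when the message was delivered

def freshness_findings(reports, now, max_transit=2.0, max_silence=30.0):
    """Return (tag, reason) pairs for data that must not be treated as current.

    max_transit: largest acceptable gap between sending and delivery (assumed).
    max_silence: longest acceptable gap between reports; this only works if the
                 sender emits heartbeats on top of report-by-exception (assumed).
    """
    findings = []
    last_arrival = {}
    for r in sorted(reports, key=lambda r: r.arrived_at):
        transit = r.arrived_at - r.sent_at
        if transit > max_transit:
            # Payload is intact, but it describes an older physical state.
            findings.append((r.tag, f"delayed {transit:.1f}s in transit"))
        last_arrival[r.tag] = r.arrived_at
    for tag, arrived in last_arrival.items():
        silent_for = now - arrived
        if silent_for > max_silence:
            # The consumer is still acting on its last held value.
            findings.append((tag, f"silent for {silent_for:.1f}s"))
    return findings

# Constructed sample: one report held back on the wire, one tag gone quiet.
SAMPLE_REPORTS = [
    Report("tank_level", 40.0, sent_at=0.0, arrived_at=0.2),
    Report("pump_flow", 3.1, sent_at=5.0, arrived_at=5.1),
    Report("tank_level", 45.0, sent_at=10.0, arrived_at=10.3),
    Report("tank_level", 50.0, sent_at=20.0, arrived_at=41.0),
]

if __name__ == "__main__":
    for tag, reason in freshness_findings(SAMPLE_REPORTS, now=45.0):
        print(f"{tag}: {reason}")
```

Neither check inspects the reported value, which is the point: every value in the sample is valid and unmodified, and only its age is wrong.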
About Jason Larsen
Jason Larsen is Principal Security Consultant for IOActive, focusing primarily on SCADA systems and the security of critical infrastructure. Jason joined IOActive from Idaho National Labs (INL) where he performed security assessments of the software and hardware that runs the planet’s critical infrastructure. During his tenure at INL, he conducted full-scope assessments of all major power control system vendors. In addition to laboratory tests, he has performed live power grid penetrations in multiple countries, allowing him to gain control of electric power for a short period of time. Jason has worked in other sectors including chemical manufacturing, pharmaceutical, petroleum, and water.
Before his career in SCADA security, Jason explored numerous other fields, including modelling neutron beams for use in treating brain tumors and writing software to analyze nerve impulses. He has also acted as the analyst of last resort for critical infrastructure malware and served on the Windows 7 penetration testing team.
About S4
S4 is the premier technical ICS security conference. It is the one place where you can present in technical depth and don’t need to explain SCADASEC 101. The attendees represent the top researchers and thought leaders from around the world. They will understand and appreciate your work. S4 is also the place where your research will get noticed. We invite a select set of press that cover the ICS security beat and are widely read. In the last two years we have had the NY Times, Washington Post, Wired, Dark Reading, ThreatPost, 60 Minutes and other important press cover S4 research in detail.
About IOActive
IOActive is the industry’s only research-driven, high-end information security services firm with a proven history of better securing our customers through real-world scenarios created by our security experts. Our world-renowned consulting and research teams deliver a portfolio of specialist security services ranging from penetration testing and application code assessment to chip reverse engineering across multiple industries. IOActive is the only security services firm that has a dedicated practice focusing on Smart Cities and the transportation and technology that connects them. Global 500 companies across every industry continue to trust IOActive with their most critical and sensitive security issues. Founded in 1998, IOActive is headquartered in Seattle, US, with global operations through the Americas, EMEA, and Asia Pac regions. Visit www.ioactive.com for more information. Follow IOActive on Twitter: http://twitter.com/ioactive.