
Article Categories: PRESS RELEASE: SPEAKER ALERT

PRESS RELEASE: SPEAKER ALERT | November 7, 2016

Kevin Murphy, Vice President of Cyber Operations for IOActive, to present at SecureWorld Seattle

PRESENTATION:
Resiliency: Defense Lessons Learned from WannaCry and Petya
PRESENTER(S):
Kevin Murphy, Vice President of Operations, IOActive
CONFERENCE:
SecureWorld Seattle
LOCATION:
Seattle
DATE & TIME:
November 8, 2017 at

PRESS CONTACT

Jim Shulkin
Global PR Manager,
IOActive, Inc.

PR@ioactive.com

US: +1.206.784.4367
UK: +44 (0) 20.7240.5223

PRESS RELEASE: SPEAKER ALERT | October 31, 2016

Michael Allen, Security Consultant for IOActive, to present at LASCON

PRESENTATION: Beyond the ’Cript: Practical iOS Reverse Engineering
PRESENTER(S):
Michael Allen, Security Consultant for IOActive
CONFERENCE: LASCON
LOCATION: Norris Conference Center, Austin, TX
DATE & TIME: November 4, 2016 at 1:00 PM

 

Today there is an app for almost everything. But all apps come with security vulnerabilities, many of which have been relatively easy to find with the help of increasingly available frameworks. So developers are now generally better about hardening apps against the most common issues using jailbreak detection and best practices, and many of the known “low-hanging” security issues appear less frequently.

But there are still vulnerabilities not as well known that can only be found with a deeper knowledge of iOS and its underlying assembly code. The aim of this talk is to provide a bridge between the mundane methodologies and vulnerabilities that are easy to find, and a new approach for identifying vulnerabilities that require assembly knowledge to discover.

This talk will include fundamentals of reversing, a primer on iOS architecture, binary patching, reversing Mach-O binaries, and conclude with real-world examples involving bypassing jailbreak detection routines.

For more information on IOActive’s Security Services, please visit: https://ioactive.com/services/

About Michael Allen

Michael E. Allen is a security consultant at IOActive with more than ten years of experience in the Information Security industry. His primary interests are in programming, exploit development, and reverse engineering. Mr. Allen has extensive skills in design, implementation, enhancement, testing, maintenance, and support of a myriad of software instances. He’s adept at both testing software and assisting development teams with the implementation of software protection mechanisms.

About LASCON
The Lonestar Application Security Conference (LASCON) is an OWASP conference held annually in Austin, TX. It is a gathering of 400+ web app developers, security engineers, mobile developers and information security professionals. LASCON is held in Texas, which more Fortune 500 companies call home than any other state, and in Austin, which is a hub for startups in the state of Texas. At LASCON, leaders at these companies along with security architects and developers gather to share cutting-edge ideas, initiatives, and technology advancements.

About IOActive
IOActive is the industry’s only research-driven, high-end information security services firm with a proven history of better securing our customers through real-world scenarios created by our security experts. Our world-renowned consulting and research teams deliver a portfolio of specialist security services ranging from penetration testing and application code assessment to chip reverse engineering across multiple industries. IOActive is the only security services firm that has a dedicated practice focusing on Smart Cities and the transportation and technology that connects them. Global 500 companies across every industry continue to trust IOActive with their most critical and sensitive security issues. Founded in 1998, IOActive is headquartered in Seattle, US, with global operations through the Americas, EMEA, and Asia Pac regions.  Visit www.ioactive.com for more information. Follow IOActive on Twitter: http://twitter.com/ioactive.

PRESS RELEASE: SPEAKER ALERT |

Gabriel Gonzalez, Principal Security Consultant for IOActive, to present at Black Hat Europe 2016

PRESENTATION:
How to Fool an ADC, Part II or Hiding Destruction of Turbine with a Little Help of Signal Processing
PRESENTER(S):
Gabriel Gonzalez, Principal Security Consultant for IOActive
CONFERENCE:
Black Hat Europe 2016
LOCATION:
Business Design Center, Room DEFG, London, UK
DATE & TIME:
November 3, 2016 at 12:30 PM

 

ADCs (analog-to-digital converters) are small integrated circuits (IC) that transform physical variables (amperage or voltage) into bytes in order to connect the worlds of analog and digital. Those bytes are then interpreted by most modern systems to initiate an appropriate or desired action. So the accurate interpretation of the data is important, especially in critical embedded and industrial control systems (ICS), as the wrong interpretation could create unsafe or even catastrophic conditions.

Consider an ADC that monitors the state of an important analog process (e.g., an industrial controller sending analog signals to a motor to change its speed). The ADC could be inside a safety system that shuts down the motor if an incorrect signal value is received. But what if it was possible to generate an analog signal that will be intentionally misinterpreted by the safety system?

If an attacker generated such a signal it could cause serious damage to the industrial actuators, including completely destroying a turbine or other serious consequences to the integrity of the system and facility.

This talk will present different types of attacks that could be used against electronic components with poorly implemented hardware security design. The focus will be on popular sigma-delta ADCs and will include different exploit signals for real off-the-shelf components.

About Gabriel Gonzalez Garcia
Gabriel Gonzalez Garcia is a Principal Security Consultant at IOActive with more than 13 years of experience in development and security of embedded systems. From network equipment to satellite communications, Gabriel has actively exploited numerous vulnerabilities in a variety of software and hardware systems. Recently he has specialized in industrial equipment with a particular emphasis on smart grid environments.


PRESS RELEASE: SPEAKER ALERT | October 25, 2016

Alexander Bolshev, Security Consultant for IOActive, to present at t2’16 Infosec Conference

PRESENTATION:
How to fool an ADC, Part II…Attacks against Sigma-Delta Data Converters
PRESENTER(S):
Alexander Bolshev, Security Consultant for IOActive
CONFERENCE:
t2’16 Infosec Conference
LOCATION:
Radisson Blu Royal Hotel, Helsinki, Finland
DATE & TIME:
October 28, 2016 at 13:20

 

We live in an analog world, but program and develop in digital systems. ADCs (analog-to-digital converters) are small integrated circuits (IC) that transform physical variables (amperage or voltage) into bytes in order to connect the worlds of analog and digital. Those bytes are then interpreted by most modern systems to initiate an appropriate or desired action. So the accurate interpretation of the data is important, especially in critical embedded and industrial control systems (ICS), as the wrong interpretation could create unsafe or even catastrophic conditions.

Consider an ADC that monitors the state of an important analog process (e.g., an industrial controller sending analog signals to a motor to change its speed). The ADC could be inside a safety system that will shut down the motor if an incorrect signal value is received. But what if it was possible to generate an analog signal that will be intentionally misinterpreted by the safety system? For example, if a signal was supplied that caused vibration issues in the motor (i.e., that would eventually destroy it), but was interpreted as a correct signal (e.g., constant 5V) by the safety ADC.

In previous research we have proven this is possible (at least with successive approximation ADC). But this talk will focus on the features, “design vulnerabilities,” and attacks leading to misinterpretations of the analog signal for the most popular ADC in the industry; the sigma-delta. Various exploit signal variants and crafting methods will be shown, as well as an overview of some of the popular “industry standard” ADC behaviors in case of such attacks, and attack scenarios in the areas of ICS, embedded, and Radio-Frequency systems. The talk will be concluded with possible consequences and mitigations.

About Alexander Bolshev
Alexander Bolshev is a Security Consultant for IOActive. He holds a Ph.D. in computer security and works as an assistant professor at Saint-Petersburg State Electrotechnical University. His research interests lie in distributed systems, as well as mobile, hardware, and industrial protocol security. He is the author of several whitepapers on topics of heuristic intrusion detection methods, Server Side Request Forgery attacks, OLAP systems, and ICS security. He is a frequent presenter at security conferences around the world, including Black Hat USA/EU/UK, ZeroNights, t2.fi, CONFIdence, and S4.

About t2’16 Infosec Conference
The conference focuses on newly emerging information security research with a balance of topics on auditing and pen-testing, and security and defensive strategies. In general, presentations will address different aspects of information security—all presentations will include demos and be technically oriented and practical. The presenters are not only experienced security professionals at the vanguard of leading information security technology, but also experienced instructors who have prepared tutorials intended to help you stay abreast of the latest developments in this rapidly moving technological field. The best and the brightest have been assembled and they have arranged unique and original material to help you maintain technological leadership. For more information, visit https://t2.fi/conference/.


###

PRESS RELEASE: SPEAKER ALERT | October 17, 2016

Corey Thuen, Senior Security Consultant for IOActive, to present at DOT/DHS Automotive Cybersecurity R&D Showcase

PRESENTATION:
Demonstrating the CANBus Protector
PRESENTER(S):
Corey Thuen, Senior Security Consultant for IOActive
CONFERENCE:
DOT/DHS Automotive Cybersecurity R&D Showcase
LOCATION:
DOT Volpe Center, Cambridge, MA
DATE:
October 19, 2016

 

The CANBus Protector is an open source solution used to address the problem of aftermarket devices, such as insurance OBDII dongles, that provide new avenues for attackers to potentially take over a vehicle. Attackers with access to the OBDII port, which is used by these devices to provide their intended functionality, are able to take control of vehicle functions in potentially catastrophic ways.

The CANBus Protector essentially isolates these aftermarket devices, thwarting an attacker attempting to gain control through them. So the vehicle, and more importantly its occupants, are kept safe from this increasingly prevalent risk, while still being able to realize the intended benefits of the aftermarket device (such as lower insurance rates) being used. In this demonstration, Corey Thuen, Senior Security Consultant for IOActive, will further explore this important tool in an effort to better protect connected vehicles.

About Corey Thuen
Corey Thuen is a Senior Security Consultant at IOActive where he focuses on transportation and industrial control security. He has spent over a decade hacking critical infrastructure systems. Corey’s recent research has been in the realm of vehicle security and remote telemetry dongles.

Before joining IOActive, Corey served as Security Researcher at Digital Bond. Earlier, Corey worked at Southfork Security and Idaho National Laboratory. Thuen is an NSA CyberCorps Scholarship for Service Fellow and received a Master of Science degree in Computer Science from the University of Idaho. He regularly speaks at conferences, teaches hands-on training exercises, and participates in Capture-the-Flag competitions.

About DOT/DHS Automotive Cybersecurity R&D Showcase
The US Department of Transportation (DOT)/Volpe National Transportation Systems Center (Volpe Center) in collaboration with the Department of Homeland Security Science and Technology Directorate Cyber Security Division (DHS S&T CSD), Open Garages/Theia Labs, and Mitre Corporation are conducting an invitation-only Automotive Cybersecurity R&D Showcase on October 18-20, 2016. This event will be hosted at the Volpe Center in Cambridge, MA. The event will bring together key stakeholders and technologists from government, automotive industry, academia, research laboratories, and independent security research working in the automotive cybersecurity sector.


PRESS RELEASE: SPEAKER ALERT | October 10, 2016

Shane Macaulay, Director of Cloud Security for IOActive, to present at Source Security Conference & Training

PRESENTATION:
Cloud Security – Zero-day protection with memory integrity based on white lists (aka. Total Cloud Patch Management)
PRESENTER(S):
Shane Macaulay, Director of Cloud Security for IOActive
CONFERENCE:
SOURCE Seattle 2016
LOCATION:
Seattle, WA
DATE & TIME:
October 12, 2016 at 11:40AM PT

 

Patch management is often looked down upon due to its simplicity and relatively short shelf life. However, this talk will demonstrate how if we identify patch management as a way to categorize all known and unknown code in our infrastructure (given clouds can be more uniform in deployments), we can utilize it effectively to accomplish a number of important goals.

Memory white listing has become more common in a variety of scenarios, such as game consoles, some cloud, and current Windows versions. We’ll release some memory analysis tools based on memory integrity checking that work for 64-bit versions of Windows (all versions), Linux and *BSD. This will be somewhat of a “tripwire” for volatile memory designed to ensure no hidden, targeted, APT or zero-day threat ransomware is present.

Additionally in this talk, Shane will discuss many of the technical challenges that abound in ensuring good performance and high integrity to resist unknown attacks/backdoors, including:

  • White-List/Database Management
  • Multi-Core/Thread State Issues
  • Physical Memory to Virtual Memory Extraction
  • Process Detection
  • Relocations
  • Nested/Hypervisors

Changing the status quo for the attestability of timelines created during an incident without having validated the integrity of all code resident leaves significant risk and known unknowns. A shift towards routine integrity checking of cloud or other systems’ volatile memory can by design eliminate sophisticated threats to such an extent that the only backdoors remaining will be dark infrastructure/configuration-based.

About Shane Macaulay (aka K2)
Shane Macaulay is the Director of Cloud Security at IOActive where he enjoys a diverse and challenging role analyzing complex technology and software systems. He’s written and contributed to numerous security books and papers, and is a regular featured speaker at some of the world’s preeminent security conferences. Shane enjoys poking around in all things cyber security and writing sophisticated tools and exploits to gain a better understanding of the security and vulnerabilities inherent to different technologies.

About SOURCE Seattle 2016
At SOURCE, we pride ourselves on having some of the best speakers in the world speak at our conferences. But we’re about so much more than just great talks.

We are one of the only conferences that brings business, technology and security professionals together under one roof to focus on real-world, practical security solutions for some of today’s toughest security issues. For more information, please visit http://www.sourceconference.com/.


###

PRESS RELEASE: SPEAKER ALERT |

Michael Allen, Security Consultant for IOActive, to present at OWASP AppSec USA 2016

PRESENTATION:
Beyond the ’Cript: Practical iOS Reverse Engineering
PRESENTER(S):
Michael Allen, Security Consultant for IOActive
CONFERENCE:
OWASP AppSec USA
LOCATION:
Washington D.C.
DATE & TIME:
October 13, 2016 at 10:45AM ET

 

Today there is an app for almost everything. But all apps come with security vulnerabilities, many of which have been relatively easy to find with the help of increasingly available frameworks. So developers are now generally better about hardening apps against the most common issues using jailbreak detection and best practices, and many of the known “low-hanging” security issues appear less frequently.

But there are still vulnerabilities not as well known that can only be found with a deeper knowledge of iOS and its underlying assembly code. The aim of this talk is to provide a bridge between the mundane methodologies and vulnerabilities that are easy to find, and a new approach for identifying vulnerabilities that require assembly knowledge to discover.

This talk, given by Michael Allen, will include fundamentals of reversing, a primer on iOS architecture, binary patching, reversing Mach-O binaries, and conclude with real-world examples involving bypassing jailbreak detection routines.

About Michael Allen
Michael E. Allen is a security consultant at IOActive with more than ten years of experience in the Information Security industry. His primary interests are in programming, exploit development, and reverse engineering. Mr. Allen has extensive skills in design, implementation, enhancement, testing, maintenance, and support of a myriad of software instances. He’s adept at both testing software and assisting development teams with the implementation of software protection mechanisms.

About AppSecUSA 2016
OWASP’s 13th Annual AppSecUSA Security Conference is the premier application security conference for developers and security experts. AppSec USA is a world-class software security conference for developers, auditors, risk managers, technologists, and entrepreneurs gathering with the world’s top practitioners to share the latest research and practices. Attendees will be inspired by fresh ideas, start rethinking the status quo, and leave ready to tackle challenges in innovative ways.


###

PRESS RELEASE: SPEAKER ALERT |

Fernando Arnaboldi, Senior Security Consultant for IOActive, to present at OWASP AppSec USA 2016

PRESENTATION:
Assessing and Exploiting XML Schemas Vulnerabilities
PRESENTER(S):
Fernando Arnaboldi, Senior Security Consultant for IOActive
CONFERENCE:
OWASP AppSec USA 2016
LOCATION:
Renaissance Washington, Washington, DC, USA
DATE & TIME:
October 13, 2016 at 9:30AM ET

 

Specifications for XML and XML schemas have been designed with multiple security flaws. At the same time, these specifications provide the tools required to protect XML applications. This provides a complex scenario for developers and a fun environment for hackers.

Even though XML schemas are used to define the security of XML documents, they are also used to perform a variety of attacks: file retrieval, server side request forgery, port scanning, and/or brute forcing.

This talk, given by Fernando Arnaboldi, will explore how new attack vectors can be inferred by analyzing the current vulnerabilities and how it is possible to affect common libraries and software. Recommendations will be shared to safely deploy applications relying on XML.

About Fernando Arnaboldi
Fernando Arnaboldi is a Senior Security Consultant for IOActive, where he specializes in performing penetration attacks and source code reviews on multiple platforms. He has over ten years of experience in the security research space (Deloitte, Core Security Technologies, and IOActive), and he holds a Bachelor’s degree in Computer Science. His latest research has also been selected as part of Dark Reading’s ‘Top 10 Web Hacking Techniques for 2015.’

About AppSecUSA 2016
OWASP’s 13th Annual AppSecUSA Security Conference is the premier application security conference for developers and security experts. AppSec USA is a world-class software security conference for developers, auditors, risk managers, technologists, and entrepreneurs gathering with the world’s top practitioners to share the latest research and practices. Attendees will be inspired by fresh ideas, start rethinking the status quo, and leave ready to tackle challenges in innovative ways.


###

PRESS RELEASE: SPEAKER ALERT | September 27, 2016

Cédric Lévy-Bencheton, Managing Consultant for IOActive, to present at the 3rd Annual Industrial Control Cyber Security Europe

PRESENTATION:
Converting Cyber Attacks into Successful Cyber-Physical Attacks
PRESENTER(S):
Cédric Lévy-Bencheton, Managing Consultant for IOActive
CONFERENCE:
3rd Annual Industrial Control Cyber Security Europe
LOCATION:
Copthorne Tara Kensington, London, UK
DATE & TIME:
September 28, 2016 at 9:35 AM

 

Access to a control network does not itself constitute an attack. Somehow this important fact is often omitted from public documentation. Cédric Lévy-Bencheton will address an attacker’s challenges in designing disruptive assaults on physical infrastructure or operations. This talk draws from Lévy-Bencheton’s extensive experience in offensive cyber-physical security, and covers the complete process of designing and performing a successful attack:

  • Infrastructure and process reconnaissance (passive and active)
  • Engineering attack scenarios
  • Types and complexities of cyber-physical attacks
  • Unique attack vectors
  • Execution of the attack

About Cédric Lévy-Bencheton
Dr. Cédric Lévy-Bencheton is Managing Consultant at IOActive, where he actively promotes the need for security in every domain of society, with a focus on the Internet of Things and Industrial Control Systems. Previously, Dr. Lévy-Bencheton was an expert in cyber security at ENISA, the European Union Agency for Network and Information Security, where he developed the area of Smart Infrastructures and the concept of security for Safety. He has also designed critical networks for public transport and has worked in telecommunications research. Dr. Lévy-Bencheton earned a Ph.D. in Telecommunications from University Lyon in 2011.

About Industrial Control Cyber Security Europe
Against a backdrop of continued cyber attacks against energy firms such as the Ukraine Power Industry, the massive attacks against the Norway oil and gas industry, Saudi Aramco and the continued threats such as Stuxnet, Dragonfly and Black Energy, the Cyber Senate return for the 3rd Annual Industrial Control Cybersecurity Europe meeting to bring key stakeholders together to address our responsibility in ensuring the safety, reliability and stability of our Critical National Infrastructure. For more information, visit http://www.industrialcontrolcyberseceurope.com.


###

PRESS RELEASE: SPEAKER ALERT | September 22, 2016

Michael Allen, Security Consultant for IOActive, to present at DerbyCon 6.0

PRESENTATION:
Beyond the ’Cript: Practical iOS Reverse Engineering
PRESENTER(S):
Michael Allen, Security Consultant for IOActive
CONFERENCE:
DerbyCon 6.0
LOCATION:
The Hyatt Regency, Louisville, KY, USA
DATE & TIME:
September 23, 2016 at 4:00 PM

 

Today there is an app for almost everything. But all apps come with security vulnerabilities, many of which have been relatively easy to find with the help of increasingly available frameworks. So developers are now generally better about hardening apps against the most common issues using jailbreak detection and best practices, and many of the known “low-hanging” security issues appear less frequently.

But there are still lesser-known vulnerabilities that can only be found with a deeper knowledge of iOS and its underlying assembly code. The aim of this talk is to provide a bridge between the mundane methodologies and vulnerabilities that are easy to find, and a new approach for identifying vulnerabilities that require assembly knowledge to discover.

The talk will cover fundamentals of reversing, a primer on iOS architecture, binary patching, and reversing Mach-O binaries, and will conclude with real-world examples involving bypassing jailbreak detection routines.

About Michael Allen
Michael E. Allen is a security consultant at IOActive with more than ten years of experience in the Information Security industry. His primary interests are in programming, exploit development, and reverse engineering. Mr. Allen has extensive skills in design, implementation, enhancement, testing, maintenance, and support of a myriad of software instances. He’s adept in both testing software and assisting development teams with the implementation of software protection mechanisms.

About DerbyCon 6.0
DerbyCon isn’t just another security conference. We’ve taken the best elements from all of the conferences we’ve ever been to and put them into one. DerbyCon is a place you can call home, where you can meet each other, party, and learn. Our goal is to create a fun environment where the security community can come together to share ideas and concepts. Whether you know Linux, how to program, are established in security, or a hobbyist, the ideal of DerbyCon is to promote learning and strengthen the community.

About IOActive
IOActive is the industry’s only research-driven, high-end information security services firm with a proven history of better securing our customers through real-world scenarios created by our security experts. Our world-renowned consulting and research teams deliver a portfolio of specialist security services ranging from penetration testing and application code assessment to chip reverse engineering across multiple industries. IOActive is the only security services firm that has a dedicated practice focusing on Smart Cities and the transportation and technology that connects them. Global 500 companies across every industry continue to trust IOActive with their most critical and sensitive security issues. Founded in 1998, IOActive is headquartered in Seattle, US, with global operations through the Americas, EMEA, and Asia Pac regions. Visit www.ioactive.com for more information. Follow IOActive on Twitter: http://twitter.com/ioactive.

###
