
PRESS RELEASE: SPEAKER ALERT | September 22, 2016

Alexander Bolshev, Security Consultant for IOActive, to present at hardwear.io

PRESENTATION:
How to fool an ADC, Part II… Attacks against Sigma-Delta Data Converters
PRESENTER(S):
Alexander Bolshev, Security Consultant for IOActive
CONFERENCE:
hardwear.io
LOCATION:
Hotel NH Den Haag, The Hague, Netherlands
DATE & TIME:
September 23, 2016 at 10:00 AM

 

We live in an analog world, but program and develop in digital systems. ADCs (analog-to-digital converters) are small integrated circuits (IC) that transform physical variables (amperage or voltage) into bytes in order to connect the worlds of analog and digital. Those bytes are then interpreted by most modern systems to initiate an appropriate or desired action. So the accurate interpretation of the data is important, especially in critical embedded and industrial control systems (ICS), as the wrong interpretation could create unsafe or even catastrophic conditions.

Consider an ADC that monitors the state of an important analog process (e.g., an industrial controller sending analog signals to a motor to change its speed). The ADC could be inside a safety system that will shut down the motor if an incorrect signal value is received. But what if it were possible to generate an analog signal that will be intentionally misinterpreted by the safety system? For example, a signal could be supplied that causes vibration issues in the motor (i.e., that would eventually destroy it) but is interpreted as a correct signal (e.g., constant 5V) by the safety ADC.

In previous research we have proven this is possible (at least with successive approximation ADCs). This talk will focus on the features, “design vulnerabilities,” and attacks leading to misinterpretations of the analog signal for the most popular ADC in the industry: the sigma-delta. Various exploit signal variants and crafting methods will be shown, as well as an overview of some of the popular “industry standard” ADC behaviors in case of such attacks, and attack scenarios in the areas of ICS, embedded, and Radio-Frequency systems. The talk will conclude with possible consequences and mitigations.

About Alexander Bolshev
Alexander Bolshev is a Security Consultant for IOActive. He holds a Ph.D. in computer security and works as an assistant professor at Saint-Petersburg State Electrotechnical University. His research interests lie in distributed systems, as well as mobile, hardware, and industrial protocol security. He is the author of several whitepapers on topics of heuristic intrusion detection methods, Server Side Request Forgery attacks, OLAP systems, and ICS security. He is a frequent presenter at security conferences around the world, including Black Hat USA/EU/UK, ZeroNights, t2.fi, CONFIdence, and S4.

About hardwear.io
hardwear.io Security Conference is a platform for the hardware and security community where researchers showcase and discuss their innovative research on attacking and defending hardware. The objective of the conference revolves around four key concerns in hardware, firmware and related protocols: backdoors, exploits, trust, and attacks (BETA).

About IOActive
IOActive is the industry’s only research-driven, high-end information security services firm with a proven history of better securing our customers through real-world scenarios created by our security experts. Our world-renowned consulting and research teams deliver a portfolio of specialist security services ranging from penetration testing and application code assessment to chip reverse engineering across multiple industries. IOActive is the only security services firm that has a dedicated practice focusing on Smart Cities and the transportation and technology that connects them. Global 500 companies across every industry continue to trust IOActive with their most critical and sensitive security issues. Founded in 1998, IOActive is headquartered in Seattle, US, with global operations through the Americas, EMEA, and Asia Pac regions.  Visit www.ioactive.com for more information. Follow IOActive on Twitter: http://twitter.com/ioactive.

###

PRESS RELEASE: SPEAKER ALERT | August 17, 2016

Dr. Andrew D. Zonenberg, Senior Security Consultant for IOActive, to present at CHES 2016

PRESENTATION:
Antikernel: A Decentralized Secure Hardware-Software Operating System Architecture
PRESENTER(S):
Dr. Andrew Zonenberg, Senior Security Consultant for IOActive
CONFERENCE:
Cryptographic Hardware and Embedded Systems 2016 Conference
LOCATION:
University of California Santa Barbara, Campbell Hall
DATE & TIME:
August 18, 2016 at 9:50 AM

 

Dr. Andrew Zonenberg will co-present with Bulent Yener, Professor of Computer Science at Rensselaer Polytechnic Institute, on Antikernel, a novel operating system architecture consisting of both hardware and software components and designed to be fundamentally more secure than the state of the art.

The “kernel” model has been part of operating system architecture for decades, but upon closer inspection it clearly violates the principle of least required privilege. The kernel is a single entity which provides many services (memory management, interfacing to drivers, context switching, IPC) that have no real relation to each other, and has the ability to observe or tamper with all states of the system. To make formal verification easier, and improve parallelism, the Antikernel system is highly modular and consists of many independent hardware state machines (one or more of which may be a general-purpose CPU running application or systems software) connected by a packet-switched network-on-chip (NoC). We create and verify an FPGA-based prototype of the system.

About Andrew Zonenberg
Dr. Zonenberg is a senior security consultant at IOActive. He received a PhD and BS in computer science from Rensselaer Polytechnic Institute (RPI), where he designed and taught the first ever full-semester course on semiconductor reverse engineering.

His primary research focuses are integrated circuit (IC) security, IC reverse engineering, and embedded/hardware security. Other research interests include computer and system on chip (SoC) architecture, programmable logic, and operating system security. He is an active contributor to siliconpr0n.org and a regular speaker at industry and academic conferences in both the USA and Canada.

About CHES
The annual CHES conference highlights new results in the design and analysis of cryptographic hardware and software implementations. CHES provides a valuable connection between the research and cryptographic engineering communities and attracts participants from industry, academia, and government organizations.


###

PRESS RELEASE: SPEAKER ALERT | July 21, 2016

Shane Macaulay, Director of Incident Readiness for IOActive, to present at DEF CON 24

Shane Macaulay will present on his style of code hooking at DEF CON 2016 in Las Vegas. The use cases for hooking code execution are abundant and this topic is very expansive. EhTracing (pronounced ATracing) is a technique that allows monitoring/altering of code execution at a high rate with several distinct advantages.

For more information on IOActive’s Security Services, please visit https://ioactive.com/services/

About Shane Macaulay (aka K2)
Shane Macaulay likes to poke around at security cyber stuff, writing tools and exploits to get an understanding of what’s easy, hard, and fun/profit! He’s written and contributed to books, papers, and spent time at security conferences over the years. Shane currently works with IOActive and enjoys a diverse and challenging role analyzing some of the most complex software systems around.

About DEF CON
DEF CON is one of the oldest continuously running hacker conventions around, and also one of the largest. Last year’s attendance set a record at 14,500 registered participants. For more information on DEF CON, please visit https://www.defcon.org/html/links/dc-faq/dc-faq.html


###

PRESS RELEASE: SPEAKER ALERT | June 22, 2016

Corey Thuen, Senior Security Consultant for IOActive, to participate in a panel discussion at Future Car Conference 2016

PRESENTATION:
Panel: Connected Cars and Car Hacking: Hacking, Protecting, and Satellite Connecting Future Cars
PRESENTER(S):
Corey Thuen, Senior Security Consultant for IOActive
CONFERENCE:
Future Car Conference 2016
LOCATION:
Bank of America Merrill Lynch, 2 King Edward Street, London, UK
DATE & TIME:
June 23, 2016 at 12:45PM

 

Corey Thuen will participate in a panel discussion about the future of connected cars and autonomous vehicles. The panel will look to answer important questions from an attacker’s perspective, such as: What role will hacking play in the adoption of autonomous vehicles? Will we share a pool of connected autonomous cars? If so, what impact will that have, and what threats will we face? What will the world look like in 15-20 years with an ideal, autonomous connected fleet?

About Corey Thuen
Corey Thuen is a Senior Security Consultant at IOActive where he focuses on transportation and industrial control security. He has spent over a decade hacking critical infrastructure systems. Corey’s recent research has been in the realm of vehicle security and remote telemetry dongles.

Before joining IOActive, Corey served as Security Researcher at Digital Bond. Earlier, Corey worked at Southfork Security and Idaho National Laboratory. He is a NSA CyberCorps Scholarship for Service Fellow and received a Master of Science degree in Computer Science from the University of Idaho. He regularly speaks at conferences, teaches hands-on training exercises, and participates in Capture-the-Flag competitions.

About Future Car Conference 2016
Bank of America Merrill Lynch EU Autos Team is hosting the one-day Future Car Conference 2016 for all investors. The day will cover all aspects of future mobility from car sharing to autonomous vehicles, connected vehicles, EV battery technologies, future mobility services, and supplying the future car (software and hardware). The general format of the event will be a selection of keynote presentations, panel sessions, and small group/1-on-1 sessions.


###


PRESS RELEASE: SPEAKER ALERT | May 26, 2016

Cesar Cerrudo, Chief Technology Officer for IOActive, to present at RISE v2

PRESENTATION:
Everything is Hackable
PRESENTER(S):
Cesar Cerrudo, Chief Technology Officer for IOActive Labs
CONFERENCE:
RISE
LOCATION:
Hong Kong Convention and Exhibition Centre, Hong Kong
DATE & TIME:
May 31, 2016 at 14:30PM

 

Smart home devices, cars, and even entire city networks can all be breached without a huge amount of effort. In this talk, Cesar provides examples of just how deficient Internet of Things (IoT) security is and discusses what can be done to remedy this dangerous situation.

About Cesar Cerrudo
Cesar Cerrudo is CTO for IOActive Labs where he leads the team in producing ongoing, cutting-edge research in the areas of SCADA, mobile device, application security, and more. Formerly the founder and CEO of Argeniss Consulting–which was acquired by IOActive–Cesar is a world-renowned security researcher and specialist in application security.

Throughout his career, Cesar is credited with discovering and helping to eliminate dozens of vulnerabilities in leading applications, including Microsoft SQL Server, Oracle database server, IBM DB2, Microsoft Windows, Yahoo! Messenger, and Twitter. He has a record of finding more than 50 vulnerabilities in Microsoft products and more than 20 in Microsoft Windows operating systems. Cesar has authored several white papers on database and application security as well as attacks and exploitation techniques based on his unique research. He has been invited to present at a variety of companies and conferences including Microsoft, Black Hat, Bellua, CanSecWest, EuSecWest, WebSec, HITB, Microsoft BlueHat, EkoParty, FRHACK, H2HC, Infiltrate, BlueHat, 8.8, Hackito Ergo Sum, NcN, and DEF CON. Cesar collaborates with, and is regularly quoted in, print and online publications.

About RISE
RISE is produced by the team behind Web Summit. In five short years, Web Summit has become Europe’s largest tech conference which last year attracted 42,000 attendees from 134 countries around the world.

In May 2016, people from the world’s biggest companies and most exciting startups will come to Hong Kong to share their stories and experiences at RISE. They’ll be joined by major global media, hundreds of investors and thousands of attendees for three days of legendary networking.


###


PRESS RELEASE: SPEAKER ALERT |

Corey Thuen, Senior Security Consultant for IOActive, to present at escar USA conference 2016

PRESENTATION:
Back to the Future of Vehicle Cybersecurity
PRESENTER(S):
Corey Thuen, Senior Security Consultant for IOActive
CONFERENCE:
escar USA conference 2016
LOCATION:
Ann Arbor Marriott Ypsilanti at Eagle Crescent, Ypsilanti, Michigan, US
DATE & TIME:
June 1, 2016 at 16:15PM

 

From 2013 to 2015, the number of research and services hours IOActive devoted to vehicle cybersecurity increased fivefold and netted findings that made headlines worldwide. In this presentation, Corey will provide exclusive insight into the collective findings of this research, including a big picture overview of the types of vulnerabilities identified, the systems and attack vectors targeted, and how significant the vulnerabilities really are.

This data will be useful when considering cybersecurity strategy, giving valuable insight into the common struggles and failures the industry faces, and some solutions. Corey will also walk through an example vulnerability to provide a practical understanding of how security researchers work.

About Corey Thuen
Corey Thuen is a Senior Security Consultant at IOActive where he focuses on transportation and industrial control security. He has spent over a decade hacking critical infrastructure systems. Corey’s recent research has been in the realm of vehicle security and remote telemetry dongles.

Before joining IOActive, Corey served as Security Researcher at Digital Bond. Earlier, Corey worked at Southfork Security and Idaho National Laboratory. He is a NSA CyberCorps Scholarship for Service Fellow and received a Master of Science degree in Computer Science from the University of Idaho. He regularly speaks at conferences, teaches hands-on training exercises, and participates in Capture-the-Flag competitions.

About the escar USA Conference 2016
escar is the leading automotive cybersecurity workshop. Last year’s third annual escar USA conference was a tremendous success, and this year’s conference will once again bring together industry, academia, and government organizations.

escar USA’s technical program will feature leading international experts in the area. It will be the place for dissemination of state-of-the-practice approaches to cybersecurity in the automotive industry and provide a forum to exchange ideas for building a cybersecurity knowledge base in the automotive industry.


###


PRESS RELEASE: SPEAKER ALERT |

Cesar Cerrudo, Chief Technology Officer for IOActive, to present at RISE

PRESENTATION:
Hacker Proof: Building Secure Software
PRESENTER(S):
Cesar Cerrudo, Chief Technology Officer for IOActive Labs
CONFERENCE:
RISE
LOCATION:
Hong Kong Convention and Exhibition Centre, Hong Kong
DATE & TIME:
June 2, 2016 at 15:30PM

 

In this presentation, Cesar takes a deep dive into building secure, hacker-proof software capable of withstanding sophisticated cyber attacks. He will cover some of the main problems affecting software security and provide attendees with solutions to help build more secure software. He will also explore reverse engineering, code review, social engineering, and more.

About Cesar Cerrudo
Cesar Cerrudo is CTO for IOActive Labs where he leads the team in producing ongoing, cutting-edge research in the areas of SCADA, mobile device, application security, and more. Formerly the founder and CEO of Argeniss Consulting–which was acquired by IOActive–Cesar is a world-renowned security researcher and specialist in application security.

Throughout his career, Cesar is credited with discovering and helping to eliminate dozens of vulnerabilities in leading applications, including Microsoft SQL Server, Oracle database server, IBM DB2, Microsoft Windows, Yahoo! Messenger, and Twitter. He has a record of finding more than 50 vulnerabilities in Microsoft products and more than 20 in Microsoft Windows operating systems. Cesar has authored several white papers on database and application security as well as attacks and exploitation techniques based on his unique research. He has been invited to present at a variety of companies and conferences including Microsoft, Black Hat, Bellua, CanSecWest, EuSecWest, WebSec, HITB, Microsoft BlueHat, EkoParty, FRHACK, H2HC, Infiltrate, BlueHat, 8.8, Hackito Ergo Sum, NcN, and DEF CON. Cesar collaborates with, and is regularly quoted in, print and online publications.

About RISE
RISE is produced by the team behind Web Summit. In five short years, Web Summit has become Europe’s largest tech conference which last year attracted 42,000 attendees from 134 countries around the world.

In May 2016, people from the world’s biggest companies and most exciting startups will come to Hong Kong to share their stories and experiences at RISE. They’ll be joined by major global media, hundreds of investors and thousands of attendees for three days of legendary networking.


###


PRESS RELEASE: SPEAKER ALERT |

Alexander Bolshev, Security Consultant for IOActive, and Boris Ryutin, Information Security Researcher for Digital Security, to teach at S4xEurope 2016

PRESENTATION:
Training Course: Practical Exploit Development for AVR-Based Devices
PRESENTER(S):
Alexander Bolshev, Security Consultant for IOActive, and Boris Ryutin, Information Security Researcher for Digital Security
CONFERENCE:
S4xEurope 2016
LOCATION:
Grand Hotel Wien, Wien, Austria
DATE & TIME:
June 8, 2016 at 10:00AM

 

Today, you can find many devices based on AVR microcontrollers. These devices range from Arduino-based amateur projects to serious automotive, home automation, and industrial control system controllers and gateways. While there are technical talks related to reverse engineering and developing exploits for AVR-based devices, there is a lack of full-scale guidance to answer the question “I have an AVR device and downloaded the firmware; I found a potential case that looks like a vulnerability, what should I do now?”

The goal of Alexander and Boris’ class is to give you the knowledge and skills to answer this question.

During this class, you will learn about reverse engineering AVR firmware and exploitation specifics. Alexander and Boris will talk about tools and techniques, review AVR architecture, teach you how to write ROP chains for AVR, and use other methods that force MCUs to do things that firmware developers didn’t expect. Post-exploitation topics (like re-flashing and altering the bootloader) will also be covered.

The journey will start with simple programs, quickly advance to different AVR ’libc’ and compilers, including some AVR RTOSes and popular Arduino libraries, and finish with a real-world case of industrial gateway exploitation.

Attendees will be supplied with JTAG programmers, Atmega328 devboards, and specially crafted Atmega128 boards (with several RF and UART interfaces) to perform all of the exercises and examples on real hardware.

Class Prerequisites:

  • Basic understanding of memory corruption (buffer overflow) vulnerabilities and embedded (or ICS) device architecture
  • Ability to read/understand C code would be great, but not mandatory
  • A laptop with at least two USB ports and VMWare/VirtualBox installed (a virtual machine with all required software will be supplied)

About Alexander Bolshev
Alexander Bolshev is a Security Consultant for IOActive. He holds a Ph.D. in computer security and works as an assistant professor at Saint-Petersburg State Electrotechnical University. His research interests lie in distributed systems, as well as mobile, hardware, and industrial protocol security. He is the author of several white papers on topics of heuristic intrusion detection methods, Server Side Request Forgery attacks, OLAP systems, and ICS security. He is a frequent presenter at security conferences around the world, including Black Hat USA/EU/UK, ZeroNights, t2.fi, CONFIdence, and S4.

About Boris Ryutin
Boris Ryutin is an Information Security Researcher for Digital Security. He graduated from the Baltic State Technical University “Voenmeh”, faculty of space technology, and is currently a postgraduate student there. Prior to this, he was a security engineer at ZORSecurity. He is a contributor to the MALWAS post-exploitation framework, a recurring writer for the ][akep magazine, as well as a contributor and developer in several open-source information security projects. He is also a Radare2 evangelist.

About S4xEurope
Digital Bond’s S4 series provides the freshest and most advanced industrial control system (ICS) cyber security content. We assume you understand and are tired of hearing the basics over and over again. S4 now comes to Europe for the first time with an event designed for Plant Managers, CISOs, and other leaders responsible for securing ICS.


###


PRESS RELEASE: SPEAKER ALERT | May 18, 2016

Fernando Arnaboldi, Senior Security Consultant for IOActive, to present at OWASP Costa Rica 2016

PRESENTATION:
Bug Hunting for Developers
PRESENTER(S):
Fernando Arnaboldi, Senior Security Consultant for IOActive
CONFERENCE:
OWASP Costa Rica 2016
LOCATION:
VMG Business Center Guachipelin, Escazu, San Jose, Costa Rica
DATE & TIME:
May 26, 2016 at 18:30PM

 

Developers may inadvertently introduce vulnerabilities throughout their source code. Even in the most secure environments, a manual source code analysis can expose exploitable issues. Fernando’s talk will inform attendees on how to handle source code audits in various programming languages, how different companies (and consultants) perform these audits, and what types of vulnerabilities are commonly found based on the scenario.

About Fernando Arnaboldi
Fernando Arnaboldi is a Senior Security Consultant for IOActive, where he specializes in performing penetration attacks and source code reviews on multiple platforms. He has over ten years of experience in the security research space (Deloitte, Core Security Technologies, and IOActive), and he holds a Bachelor’s degree in Computer Science. His latest research has also been selected as part of Dark Reading’s ‘Top 10 Web Hacking Techniques for 2015.’

About OWASP Costa Rica
OWASP is a not-for-profit, worldwide organization focused on improving the security of application software. Our mission is to make application security visible, so that people and organizations can make informed decisions about true application security risks. Everyone is free to participate in OWASP and all of our materials are available under a free and open software license.

The Costa Rican chapter is part of this initiative and our objective is to provide a state of the art forum to talk about application security. The idea is to get people involved and share knowledge.


###


PRESS RELEASE: SPEAKER ALERT | May 12, 2016

Daniel Miessler, Director of Advisory Services for IOActive, will present at SOURCE Boston 2016

PRESENTATION:
Key Attribute and Risk Management and Analysis (KARMA)
PRESENTER(S):
Daniel Miessler, Director of Advisory Services for IOActive
CONFERENCE:
SOURCE Boston 2016
LOCATION:
Marriott Courtyard, Boston, MA, US
DATE & TIME:
May 19, 2016 at 2:10PM

Key Attribute and Risk Management and Analysis (KARMA) is a method for rating a system’s ability to avoid negative outcomes based on a limited number of key attributes. The system leverages subject matter expert (SME) knowledge of the particular system being rated, and its goal is to find the attributes that best predict negative outcomes in the real world.

Analogs exist already in industries such as Healthcare, Insurance, and Finance. In these fields it’s possible to gather information about a relatively small number of things regarding a system/person/situation, and then make informed decisions about how likely the subject is to have an undesirable outcome (e.g. premature death, insurance payout, or loan default).

The goal of the KARMA system is to do the same for information security as it pertains to other types of systems. These include security program components, such as vulnerability management and insider threats, as well as system components, such as applications, operating systems, etc.

This talk will provide an overview of how KARMA can be used to gain a more accurate view of real-world risk (i.e., knowing your actual attacker-based risk instead of your compliance with arbitrary standards).

About Daniel Miessler
Daniel Miessler is Director of Advisory Services with IOActive where he is focused on leveraging IOActive’s pedigree in testing and research to help customers measure, rate, and improve the effectiveness of their strategic security programs. Daniel has 15 years of experience in information security with a focus on web, mobile, and Internet of Things (IoT) and is a project leader for the OWASP IoT and OWASP Mobile Top Ten projects.

About SOURCE Boston 2016
At SOURCE, we pride ourselves on having some of the best speakers in the world speak at our conferences. But we’re about so much more than just great talks. We are one of the only conferences that brings business, technology and security professionals together under one roof to focus on real-world, practical security solutions for some of today’s toughest security issues.


###

