Article Categories: PRESS RELEASE: SPEAKER ALERT

PRESS RELEASE: SPEAKER ALERT | May 12, 2016

Neil Haskins, General Manager, Middle East for IOActive, to participate in a panel discussion at MEED roundtable

PRESENTATION:
Internet of Things and Smart Cities: Risks and Opportunities
PRESENTER(S):
Neil Haskins, Middle East General Manager for IOActive
CONFERENCE:
MEED Roundtable
LOCATION:
Dubai International Finance Centre, Emirate of Dubai, United Arab Emirates
DATE & TIME:
May 16, 2016 at 8:00 AM

 

More than 12 billion devices can be connected to the Internet today, and it is estimated that by 2020, there will be at least 26 billion connected devices. Some analysts say that number is too low, predicting it will exceed 100 billion. Welcome to the world of the Internet of Things (IoT). Generally, five broad categories are used when talking about ‘smart’ devices: wearable, home, city, environment, and enterprise.

In the future, devices will talk to people and other devices wirelessly, in the home, when traveling, and while at work. Enterprises will be able to interrogate increasing amounts of data, giving them deeper insight into customers, potential customers, and their habits. But with greater insight comes greater risk. The more companies know about their customers, the more customers expect a duty of care with their information. Data breaches are going to become ever more costly in the future – both financially and to corporate reputations.

Neil and the roundtable delegates will discuss the age of remote monitoring and management in Smart Cities and the associated risk management. They will also discuss:

  • How do companies stay competitive when so much information is available to everyone?
  • Who will the casualties be?
  • The role of big data – monitor, capture, analyse
  • Information revolution 2.0
  • IoT: Consumer driven, but corporations profit

About Neil Haskins
Neil Haskins is General Manager, Middle East for IOActive where he is responsible for evolving the company’s portfolio of regional services, developing new business opportunities, and providing localised support to IOActive customers. Neil has a proven 25-year track record in the security industry and has worked within several government establishments, both in the UK and overseas. Neil has successfully delivered security solutions in nearly all major industry sectors, ranging from finance and healthcare to manufacturing and retail.

A certified security professional and ethical hacker, Neil holds memberships with the Institute of Information Security Professionals, Royal United Services Institute for Defence and Security Studies, and ASIS International. Neil is credited with building several world-class, cyber-forensics laboratories, as well as leading numerous digital investigations in conjunction with corporate compliance teams and local law enforcement.

About MEED
MEED is a remarkable senior management media brand that encompasses a subscription website and magazine, more than 30 C-level executive conferences and summits hosted by MEED Events, the MEED Quality Awards for Projects and two high-value content businesses, MEED Projects and MEED Insight. MEED Projects is the Middle East’s premium project tracking database and MEED Insight offers tailored research and in-depth analysis.

Established in 1957, MEED has been integral to delivering business information and news, intelligence and analysis on the Middle East economies and activities ever since. Attracting a key senior management audience through its content and activities, MEED is a media brand and publication that covers a spectrum of services that inform.

About IOActive
IOActive is the industry’s only research-driven, high-end information security services firm with a proven history of better securing our customers through real-world scenarios created by our security experts. Our world-renowned consulting and research teams deliver a portfolio of specialist security services ranging from penetration testing and application code assessment to chip reverse engineering across multiple industries. IOActive is the only security services firm that has a dedicated practice focusing on Smart Cities and the transportation and technology that connects them. Global 500 companies across every industry continue to trust IOActive with their most critical and sensitive security issues. Founded in 1998, IOActive is headquartered in Seattle, US, with global operations through the Americas, EMEA, and Asia Pac regions.  Visit www.ioactive.com for more information. Follow IOActive on Twitter: http://twitter.com/ioactive.

###

PRESS RELEASE: SPEAKER ALERT | May 10, 2016

Daniel Miessler, Director of Advisory Services for IOActive, to participate in a panel discussion at Forrester Digital Transformation

PRESENTATION:
Panel: Real-World Internet-of-Things Security Issues and Opportunities
PRESENTER(S):
Daniel Miessler, Director of Advisory Services for IOActive
CONFERENCE:
Forrester Digital Transformation 2016
LOCATION:
JW Marriott Orlando Grande Lakes, Orlando, FL, US
DATE & TIME:
May 11, 2016 at 10:45 AM

 

In this panel session, participants representing segments of the IoT value chain and firms that deploy IoT solutions will discuss the opportunities, challenges, and issues to address to ensure the security of smart, connected products and processes.

Moderated by Michele Pelino, Principal Analyst at Forrester Research. Featuring:

  • Andrey Nikishin, Kaspersky Lab
  • Dr. Dale Nordenberg, Medical Device Innovation, Safety and Security Consortium
  • Daniel Miessler, Director of Advisory Services, IOActive
  • Joshua Bartolomie, Director, Cyber Security Architecture and Operations, Harris Corporation
  • Bruce Perrin, COO and CIO, Phenix Energy Group
  • Kevin Garrison, Principal Director and Director of Analytics, Department of Defense

About Daniel Miessler
Daniel Miessler is Director of Advisory Services with IOActive, a global security research and services firm headquartered in Seattle, WA. Daniel has 15 years of experience in information security with a focus on web, mobile, and IoT, and is a project leader for the OWASP IoT and OWASP Mobile Top Ten projects.

About Forrester Digital Transformation 2016
Today’s successful digital business requires an effective partnership between technology and digital business leaders. DIGITAL TRANSFORMATION 2016 is designed for both.

Today, many organizations are in the midst of this critical pivot — deploying new tools and systems to align with opportunities created by digital technologies and to meet the demands of digitally empowered customers. Faced with this unfamiliar complexity, the pursuit of digital transformation can stall and fail.

###

PRESS RELEASE: SPEAKER ALERT | March 29, 2016

Alexander Bolshev, Security Consultant for IOActive, and Marina Krotofil, Security Researcher at the Honeywell Cyber Security Lab, to present at Black Hat Asia 2016

PRESENTATION:
Never Trust Your Inputs: Causing ‘Catastrophic Physical Consequences’ from the Sensor (or How to Fool ADC)
PRESENTER(S):
Alexander Bolshev, Security Consultant for IOActive, and Marina Krotofil, Security Researcher at the Honeywell Cyber Security Lab
CONFERENCE:
Black Hat Asia 2016
LOCATION:
Marina Bay Sands, Singapore
DATE & TIME:
April 1, 2016 at 11:45 AM

 

Our world is analog. Computers are digital. When a microcontroller in an Industrial Control System (ICS) or embedded system acquires data from the physical world, it uses analog-to-digital converters (ADC) to transform amperage or voltage into a useful unit of measurement.

In this talk, Alexander and Marina discuss the rarely addressed topic of analog signal processing security. Tampering with frequency and phase can cause an ADC to output spurious digital signals; modifying the ranges can cause integer overflow and trigger logic vulnerabilities in the PLC or embedded software. They analyze several ADC attack vectors, signal scaling misconfiguration, and every other design detail that would allow an attacker to fool an ADC—and the systems depending on its output signal. Alexander and Marina will demonstrate how vulnerabilities can be exploited in software and conclude with the potential consequences of attacks that can exploit physical processes.

About Alexander Bolshev
Alexander Bolshev is a Security Consultant for IOActive. He holds a Ph.D. in computer security and also works as an assistant professor at Saint-Petersburg State Electrotechnical University. His research interests lie in distributed systems, mobile, hardware and industrial protocols security. He is the author of several whitepapers on topics of heuristic intrusion detection methods, Server Side Request Forgery attacks, OLAP systems and ICS security. He is a frequent presenter at security conferences around the world, including Black Hat USA/EU/UK, ZeroNights, t2.fi, CONFIdence, and S4. 

About Marina Krotofil
Marina Krotofil is a Security Researcher at the Honeywell Cyber Security Lab. Previously she worked as a Senior Security Consultant at the European Network for Cyber Security. She completed doctoral degree research in ICS security at Hamburg University of Technology, Germany. Her research over the last few years has been focused on the design and implementation of practical cyber-physical attacks and the design of process-aware defensive solutions and risk assessment approaches. Marina has authored more than a dozen papers on cyber-physical security. She gives workshops on cyber-physical exploitation and is a frequent speaker at leading security events globally. She holds an MBA in Technology Management, MSc in Telecommunication and MSc in Information and Communication Systems. 

About Black Hat Asia 2016
Black Hat is returning to Asia again in 2016, and we have quite an event in store. Here the brightest professionals and researchers in the industry will come together for a total of four days–two days of deeply technical hands-on Trainings, followed by two days of the latest research and vulnerability disclosures at our Briefings. 

###

PRESS RELEASE: SPEAKER ALERT |

Corey Thuen, Senior Security Consultant for IOActive, to take part in panel discussion at TU-Automotive Cybersecurity USA 2016

PRESENTATION:
Roundtable: Real Life Telematics Attacks and Vulnerabilities Found by Security Researchers
PRESENTER(S):
Corey Thuen, Senior Security Consultant for IOActive
CONFERENCE:
TU-Automotive Cybersecurity USA 2016
LOCATION:
The Baronette Renaissance Detroit-Novi Hotel, Novi, Michigan, US
DATE & TIME:
March 30, 2016 at 11:25 AM

 

With the rapid advancement in the development of vehicle telematics/infotainment systems, the scope of security vulnerabilities in vehicles equipped with telematics/OBD2 dongle systems is expanding exponentially and the risk of potential hacker attacks is rapidly growing.

In January 2017, all government vehicles will be mandated to collect and record operational data, opening up US government fleets to similar vulnerabilities, under Executive Order 13693: Planning for Federal Sustainability in the Next Decade.

The panelists in a roundtable session will discuss:

  • Various steps fleet owners, OEMs, Tier 1s, and others can take today to start protecting their vehicles from cybersecurity attacks, including best practices, updates, monitoring, and the longer-term path to comprehensive solutions
  • The ecosystem impacts of these serious vehicle vulnerabilities and possible mitigation strategies

Panelists include:

  • Kevin Harnett, Cybersecurity Program Manager, Advanced Vehicle Technology Division, Department of Transportation/Volpe Center
  • Graham Watson, Senior Analyst, Department of Transportation/Volpe-SGT
  • Corey Thuen, Senior Security Consultant, IOActive
  • Dan Klinedinst, Senior Threat and Vulnerability Researcher, CERT
  • Chris King, Vulnerability Analyst, CERT
  • Ofer Kapota, Lead Researcher, Argus Cyber Security

About Corey Thuen
Corey Thuen is a Senior Security Consultant at IOActive where he focuses on transportation and industrial control security. He has spent over a decade hacking critical infrastructure systems. Corey’s recent research has been in the realm of vehicle security and remote telemetry dongles.

Before joining IOActive, Corey served as Security Researcher at Digital Bond. Earlier, Corey worked at Southfork Security and Idaho National Laboratory. Thuen is a NSA CyberCorps Scholarship for Service Fellow and received a Master of Science degree in Computer Science from the University of Idaho. He regularly speaks at conferences, teaches hands-on training exercises, and participates in Capture-the-Flag competitions. 

About TU-Automotive Cybersecurity USA 2016
TU-Automotive is the reference point and communications hub for the evolving automotive technology segment as it converges with consumer electronics, mobile and the Internet of Things (IoT) to re-define connectivity, mobility and autonomous use-cases. TU-Automotive provides the world’s biggest B2B connected car conferences and exhibitions, as well as industry analysis and news. For more information,  follow us on Twitter @TUAutomotive

###

PRESS RELEASE: SPEAKER ALERT |

Corey Thuen, Senior Security Consultant for IOActive, to present at TU-Automotive Cybersecurity USA 2016

PRESENTATION:
Back to the Future of Vehicle Cybersecurity
PRESENTER(S):
Corey Thuen, Senior Security Consultant for IOActive
CONFERENCE:
TU-Automotive Cybersecurity USA 2016
LOCATION:
The Baronette Renaissance Detroit-Novi Hotel, Novi, Michigan, US
DATE & TIME:
March 29, 2016 at 16:30 PM

 

From 2013 to 2015, the number of research and services hours devoted to the vehicle cybersecurity space by IOActive increased 5x, and netted findings that made headlines worldwide. In this presentation, Corey will provide attendees with exclusive insight into the collective findings of this research, including a big picture overview of the types of vulnerabilities identified, the systems and attack vectors targeted, and how significant the vulnerabilities really are.

This data will be useful when considering cybersecurity strategy, giving valuable insight into common struggles, failures, and solutions that the industry faces. Corey will also walk through an example vulnerability to provide a practical understanding of how security researchers work.

About Corey Thuen
Corey Thuen is a Senior Security Consultant at IOActive where he focuses on transportation and industrial control security. He has spent over a decade hacking critical infrastructure systems. Corey’s recent research has been in the realm of vehicle security and remote telemetry dongles.

Before joining IOActive, Corey served as Security Researcher at Digital Bond. Earlier, Corey worked at Southfork Security and Idaho National Laboratory. Thuen is a NSA CyberCorps Scholarship for Service Fellow and received a Master of Science degree in Computer Science from the University of Idaho. He regularly speaks at conferences, teaches hands-on training exercises, and participates in Capture-the-Flag competitions. 

About TU-Automotive Cybersecurity USA 2016
TU-Automotive is the reference point and communications hub for the evolving automotive technology segment as it converges with consumer electronics, mobile and the Internet of Things (IoT) to redefine connectivity, mobility and autonomous use cases. TU-Automotive provides the world’s biggest B2B connected car conferences and exhibitions, as well as industry analysis and news. For more information, follow on Twitter @TUAutomotive

###

PRESS RELEASE: SPEAKER ALERT | March 10, 2016

Tao Sauvage, Senior Security Consultant for IOActive, to present at SecuRT

PRESENTATION:
Embedded Security 101
PRESENTER(S):
Tao Sauvage, Senior Security Consultant for IOActive
CONFERENCE:
SecuRT
LOCATION:
Reseaux et Telecommunications de l’Universite de Franche-Comte, Belfort, France
DATE & TIME:
March 10, 2016 at 11:10AM

 

In this talk, Tao Sauvage will provide the basic knowledge required to begin assessing the security posture of embedded systems. Tao will answer questions such as: What are embedded systems? What is their attack surface? What tools do I need?

Tao will then provide three real-life examples to illustrate security in the world of embedded systems.

  • A WiFi repeater where a flaw in its web interface allowed an attacker to access sensitive information about the device.
  • An IP camera where firmware analysis revealed an OS command injection with root privileges.
  • A router where the extraction and analysis of the boot loader led to the decryption of its firmware.

About Tao Sauvage
Tao Sauvage is a Senior Security Consultant for IOActive where he performs embedded device security testing, vulnerability assessments and analysis, secure code reviews, web application penetration testing, network penetration testing, mobile application penetration testing, and social engineering security testing.

Sauvage has been an Offensive Web Testing Framework (OWTF) developer for the Open Web Application Security Project (OWASP) since February 2014. He has participated in Google Summer of Code 2014, and OWASP Winter Code Sprint 2014. He has also served as the president of HackGyver, the hackerspace of Belfort, France.

About SecuRT
SecuRT is a free event open to everyone involved in computer security. For the past three years, it has been organized in Montbeliard by the Networks and Telecommunications department of the University of Franche-Comté, with the help of HackGyver, the Belfort hackerspace.

###

PRESS RELEASE: SPEAKER ALERT |

Shane Macaulay, Director of Incident Readiness for IOActive, to present at CanSecWest Vancouver 2016

PRESENTATION:
High-performance Zero-knowledge Binary Hooking and Tracing with ROP Hooks with A-Trace (Eh-Trace)
PRESENTER(S):
Shane Macaulay, Director of Incident Readiness for IOActive
CONFERENCE:
CanSecWest Vancouver 2016
LOCATION:
Sheraton Wall Centre Hotel, Vancouver, Canada
DATE & TIME:
March 18, 2016 at 13:30PM

 

Hooking, tracing, and code coverage analysis methods on Microsoft Windows are both awesome and complex–API Monitor (awesome) and Deviare2 (complex). They generally require three primitive components to be useful: logging infrastructure, symbol/argument recovery, and hook/trampoline generation (a way to install code ‘detours’ in-line).

In this presentation, Shane will demonstrate a zero-knowledge hooking and tracing platform. It does not require symbols or awareness of the count of arguments and provides configurable and substantial trace telemetry (register context), sufficient for coverage analysis. The platform executes very fast (not debugging) and requires no binary modifications (ROP hooking) to the application being analyzed.

About Shane Macaulay
Shane Macaulay is the director of incident readiness for IOActive and is experienced in enterprise-level network and application assessment and consultation.

Macaulay takes a deep, broad approach to security and has worked with every major UNIX distribution, Microsoft platform, and networking operating system. He has contributed to the security community by way of various papers, books, and technical applications, and he has discovered numerous compiler bugs (both native and managed), one of which was used to win the non-obvious source code backdoor contest at DefCon 2010.

Macaulay is an alumni member of the international security group The Honeynet Project and has worked with IBM, Bloomberg, @Stake/Symantec, financial exchanges/firms, and many high-tech industry giants.

About CanSecWest 2016
CanSecWest, the world’s most advanced conference focusing on applied digital security, is about bringing the industry luminaries together in a relaxed environment which promotes collaboration and social networking. The conference lasts for three days and features a single track of thought provoking presentations, each prepared by an experienced professional and talented educator who is at the cutting edge of his or her field. We give preference to new and innovative material, highlighting important, emergent technologies, techniques, or best industry practices.

###

PRESS RELEASE: SPEAKER ALERT | February 26, 2016

Daniel Miessler, Parham Eftekhari, David Strickland, and Jeff Massimilla to participate in a panel discussion at the RSA Conference 2016

PRESENTATION:
Automobiles are Getting Hacked: What’s Next for Transportation Security?
PRESENTER(S):
Daniel Miessler, Parham Eftekhari, Jeff Massimilla, and David Strickland
CONFERENCE:
RSA Conference 2016
LOCATION:
Moscone Center, San Francisco, CA, US
DATE & TIME:
March 1, 2016 at 14:20PM

 

Today’s transportation sector is a complex ecosystem of connected technologies. Recent media attention on the vulnerabilities that resulted in the recall of over one million Jeep vehicles has made cooperation between industries even more urgent. Join industry experts from IOActive, General Motors, Venable, and the ICIT as they discuss risks and propose improvements for connected vehicle security.

About Daniel Miessler
Daniel Miessler is a Director of Client Advisory Services for IOActive, based out of San Francisco, California. Daniel has 15 years of experience in information security with a focus on web, mobile, and IoT, and is a project leader for the OWASP IoT and OWASP Mobile Top Ten projects. In his spare time, he enjoys reading, writing, programming, and table tennis.

About Parham Eftekhari
Parham Eftekhari is a Co-Founder and Senior Fellow at the Institute for Critical Infrastructure Technology, a nonpartisan think tank that provides objective advisory to the House, Senate, federal agencies, and critical infrastructure stakeholders. Eftekhari has briefed both the House and Senate and presented at dozens of institutions, including the World Bank Federal Government conferences. He also serves on the DHS Healthcare and Public Health Sector Coordinating Council as the ICIT representative. Eftekhari holds a B.B.A. from the Grainger School of Business at the University of Wisconsin – Madison and studied French and international business at the Ecole Superieure de Commerce de Paris (ESCP-EAP) in France.

About David Strickland
The Honorable David Strickland, currently a partner at the national law firm Venable LLP, served as the 14th Administrator of the National Highway Traffic Safety Administration (NHTSA) from 2010 to 2014. During his tenure, he oversaw the creation of the first national fuel economy program in conjunction with the EPA, the launching of the Safety Pilot for the Vehicle to Vehicle Communications program for the U.S. Department of Transportation/NHTSA, and issued the first statement of policy regarding the testing of automated vehicles on public roads. Prior to his appointment to NHTSA, Strickland served as Senior Counsel to the U.S. Senate Commerce Committee, where he was responsible for staff oversight of the Federal Trade Commission, the Consumer Product Safety Commission, and NHTSA (2001–2009).

About Jeff Massimilla
Jeff Massimilla was named Chief Product Cybersecurity Officer, Product Cybersecurity for General Motors in 2014. He leads the team responsible for developing and implementing protocols and strategies to reduce risks associated with vehicle cybersecurity threats. Massimilla joined General Motors in 2001 as a Design Release Engineer and has held multiple roles in electrical and product program engineering, including the development of an entirely new infotainment system. Massimilla holds a bachelor’s degree in electrical engineering from the University of Michigan and master’s degrees in industrial and manufacturing engineering and business administration from the University of Michigan. He serves as Vice Chair of the Auto ISAC, which is advancing cybersecurity protections within the auto industry.

About RSA Conference 2016
RSA Conference is helping drive the information security agenda worldwide with annual industry events in the U.S., Europe and Asia. Throughout its history, RSA Conference has consistently attracted the world’s best and brightest in the field, creating opportunities for conference attendees to learn about IT security’s most important issues through first-hand interactions with peers, luminaries and emerging and established companies. As the IT security field continues to grow in importance and influence, RSA Conference plays an integral role in keeping security professionals across the globe connected and educated.

RSA developed RSA Conference in 1991 as a forum for cryptographers to gather and share the latest knowledge and advancements in the area of Internet security. Today, RSA Conference and related RSA Conference branded activities are still managed by RSA, with the support of the industry. RSA Conference event programming is judged and developed by information security practitioners and other related professionals.

About IOActive
IOActive is the industry’s only research-driven, high-end information security services firm with a proven history of better securing our customers through real-world scenarios created by our security experts. Our world-renowned consulting and research teams deliver a portfolio of specialist security services ranging from penetration testing and application code assessment to chip reverse engineering across multiple industries. IOActive is the only security services firm that has a dedicated practice focusing on Smart Cities and the transportation and technology that connects them. Global 500 companies across every industry continue to trust IOActive with their most critical and sensitive security issues. Founded in 1998, IOActive is headquartered in Seattle, US, with global operations through the Americas, EMEA, and Asia Pac regions.  Visit www.ioactive.com for more information. Follow IOActive on Twitter: http://twitter.com/ioactive.

###


PRESS RELEASE: SPEAKER ALERT |

Jason Larsen, Principal Security Consultant for IOActive, to present at the RSA Conference 2016

PRESENTATION:
Hacking Critical Infrastructure Like You’re Not a N00b
PRESENTER(S):
Jason Larsen, Principal Security Consultant for IOActive
CONFERENCE:
RSA Conference 2016
LOCATION:
Moscone Center, San Francisco, CA, US
DATE & TIME:
March 4, 2016 at 11:20 AM

In this presentation, Jason Larsen will cover advanced tactics for hacking critical infrastructure. The material is targeted to an audience that already understands how to compromise the embedded systems that run a process and wants to accomplish more than just exercising automatic shutdown logic. Jason will explain how to manipulate the physics of the process itself.

About Jason Larsen
Jason Larsen is Principal Security Consultant for IOActive, focusing primarily on SCADA systems and the security of critical infrastructure. Jason joined IOActive from Idaho National Labs (INL) where he performed security assessments of the software and hardware that runs the planet’s critical infrastructure. During his tenure at INL, he conducted full-scope assessments of all major power control system vendors. In addition to laboratory tests, he has performed live power grid penetrations in multiple countries, allowing him to gain control of electric power for a short period of time. Jason has worked in other sectors including chemical manufacturing, pharmaceutical, petroleum, and water.

Before his career in SCADA security, Jason explored numerous other fields, including modeling neutron beams for use in treating brain tumors and writing software to analyze nerve impulses. He has also acted as the analyst of last resort for critical infrastructure malware and served on the Windows 7 penetration testing team.


###


PRESS RELEASE: SPEAKER ALERT | February 2, 2016

Alexander Bolshev, Security Consultant for IOActive, and Marina Krotofil, Independent Security Researcher, to present at Kaspersky Security Analyst Summit 2016

###
