Black Hat Europe 2012's organizers have revealed several new briefing sessions that delve into security issues that can arise in both embedded and machine-to-machine systems, beyond the more common security battleground of traditional computing devices.
Jay Radcliffe, a senior threat intelligence analyst at a major computer security organization, will lead "Issues with Embedded Device Disclosures: Helping the Vendors and Recognizing the End-Users." He'll discuss the ethics and implications of disclosing security issues in embedded devices, with a focus on the different ways disclosure affects device vendors, end users, and the researchers themselves.
Typically security research focuses on exploits in traditional computing devices, but as witnessed with last year's explosion of scope, there is a need to expand our thinking about who is most at risk from vulnerabilities and how such vulnerabilities should be publicized.
Searle's presentation will explore Smart Meter architecture, protocols, their embedded components, and the functionality of their headend servers. He'll explain current penetration testing methodologies (complete with a live demo), list the common vulnerabilities, and discuss recommended solutions for Smart Meter vendors.
Finally, iSEC Partners Security Consultant Don A. Bailey will consider the dangers faced by non-traditional devices connected to the telephone system in "War Texting: Weaponizing Machine to Machine Systems."
More and more, devices like 3G Security Cameras, Urban Traffic Control systems, Home Control and Automation systems, and even vehicles are telephony enabled, able to receive SMS or GPRS signals that trigger firmware updates, Are You There requests, and even data solicitations. Though increasingly capable of affecting the physical world, these systems lack the typical protections and safeguards enjoyed by IP-enabled systems. Bailey will help participants understand the new threat models and implement relevant security systems.