We handpicked the top IoT edge, enterprise edge, connected vehicles, and Industry 4.0 product security briefings and presentations at this year’s Black Hat.
The Karamba Security team will attend Black Hat 2019 on August 7th to 8th in Las Vegas. We call on enterprise security thought leaders to shine a light on their IoT edge blind spots and meet us at the Karamba Security booth to learn how! Click here to book a meeting with the team.
Infiltrating Corporate Intranet Like NSA - Pre-auth RCE on Leading SSL VPNs
Sector: Enterprise Edge
Location: Islander EI
Wednesday, August 7th 2:40pm to 3:30pm
Could VPN also stand for “Vulnerable Point of your Network?” Researchers from DEVCORE have found pre-auth RCEs on multiple leading SSL VPNs, and in this briefing, they will disclose pracical attacks they say could compromise millions of targets, including tech giants and industry leaders.
Moving from Hacking IoT Gadgets to Breaking into One of Europe’s Highest Hotel Suites
Sector: Enterprise Edge
Location: Islander FG
Thursday, August 8th 5pm to 6pm
IoT devices can be a security blind spot for companies. In this briefing, learn how hackers can take over IoT devices and then use them as a gateway to hit a larger system – in this case the mobile phone key system of a major hotel chain.
Roadways to Exploit and Secure Connected BMW Cars
Sector: Connected Vehicles
Location: South Seas ABE
Thursday, August 8th 12:10pm to 1pm
In this presentation, three engineers from Keenlab and two security officials from BMW Group will discuss the vulnerabilities of connected cars and how to keep passengers safe.
Arm IDA and Cross Check: Reversing the Boeing 787’s Core Network
Sector: Connected Vehicles
Location: Lagoon GHI
Wednesday, August 7th 4:00pm to 4:50pm
Reuben Santamarta will highlight the Boeing 787’s Core Network, showing the previously unknown vulnerabilities that can let an attacker in.
Attacking Electric Motors for Fun and Profit
Sector: Connected Vehicles
Location: Islander FG
Wednesday, August 7th 11:15am to 12:05pm
Electric motors power everything from autonomous vehicles to industrial robots. They are controlled by hardware and software and are subject to attack. Briefing to be hosted by Matthew Jablonski and Duminda Wijesekera of George Mason University.
Cybersecurity Risk Assessment for Safety-Critical Systems
Sector: Industry 4.0
Location: South Pacific
Wednesday, August 7th 5:05pm to 5:30pm
Today’s critical infrastructure needs strong cybersecurity and this is especially true with space systems. In this presentation, three researchers from Honeywell will discuss cyber threats to space systems and how to make them safer.
Rogue7: Rogue Engineering-Station Attacks on S7 Simatic PLCs
Sector: Industry 4.0
Location: Breakers GHI
Thursday, August 8th 11:00am to 11:50am
Even the latest version of the Siemens industrial control systems devices and protocols can be exploited by attackers. This presentation will show how an attacker could reverse-engineer the cryptographic protocol and inject messages.
Sensor and Process Fingerprinting in Industrial Control Systems
Sector: Connected Vehicles
Location: Breakers GHI
Wednesday, August 7th 11:15am to 12:05pm
This presentation will examine the common cyberattack vectors for crucial infrastructures and review defense strategies.
All the 4G Modules Could be Hacked
Sector: Enterprise Edge
Location: South Seas CDF
Wednesday, August 7th 1:30pm to 2:20pm
How secure are the 4G modules that are used in IoT devices like laptops and vending machines? In this presentation, four researchers from Baidu Security Lab will discuss the major brand 4G modules on the market to seek out their vulnerabilities.
Legal GNSS Spoofing and its Effects on Autonomous Vehicles
“Sector: Connected Vehicles”
Location: Breakers GHI
Wednesday, August 7th 10:30am to 10:55am
Global Navigation System Satellites are a crucial tool, but often public GNSS does not have the necessary integrity mechanisms and is vulnerable to spoofing. Victor Murray of SwRI will discuss the usefulness of real-world evaluation of GNSS vulnerabilities.
Critical Zero Days Remotely Compromise the Most Popular Real-Time OS
Sector: Enterprise Edge
Location: South Seas CDF
Thursday, August 8th 2:30pm to 3:20pm
Ben Seri and Dor Zusman of Armis Security will show the vulnerabilities they’ve found in a real-time, very well-known OS, and show how they can be exploited to breach a secure network.
The Future of Securing Intelligent Electronic Devices Using the IEC 62351-7 Standard for Monitoring
Sector: Industry 4.0
Location: Jasmine
Thursday, August 8th 9:00am to 9:25am
Nozomi Networks Co-founder and CPO Andrea Carcajou and security researchers from Nozomi Networks Labs will analyze how standards like IEC 62351 can defend Industry 4.0 systems against cyber threats.
Chip.Fail - Glitching the Silicon of the Connected World
Sector: Enterprise Edge
Location: Islander FG
Wednesday, August 7th 2:40pm to 3:30pm
Every smart device uses processors, but how safe are they? In this presentation, Thomas Roth and Josh Datko of Keylabs will show how with less than one hundred dollars they can break some of the most popular IoT processors.
Breaking Through Another Side: Bypassing Firmware Security Boundaries from Embedded Controller
Sector: Enterprise Edge
Location: Lagoon GHI
Thursday, August 8th 9:45am to 10:35am
Alex Matrosov of NVIDIA and Alexandre Gazet from Airbus will showcase reverse engineering the Embedded Controller of a Lenovo Thinkpad and demonstrate the design problems inherent in many third-party components.
The Enemy Within: Modern Supply Chain Attacks
Sector: Enterprise Edge
Location: Islander EI
Thursday, August 8th 9:45am to 10:35am
This briefing will go behind the scenes to look at previously undisclosed supply chain attacks and discuss the methods of the attackers and how they were thwarted.