TAG | conference
0 Comments | Posted by Stefan Kiese
Last week I had the pleasure to attend the “escar” (Embedded Security in Cars) conference in Cologne, Germany.
Arriving late Tuesday, I had the chance to get a rich breakfast before joining the con in the hotel Dorint at Cologne’s famous place the Heumarkt. Unfortunately I had to deal with two stumbling blocks on my way to the Dobrint: The magnetic sensor of my mobile which went crazy (no compass) and – the date. 11th of November in Cologne means just one thing – carneval! The whole city was just in a state of exception. Everybody on my way to the venue seemed to be drinking or beeing already drunk – at 9am! 😉
Being a little late, I went straight to the room after registration. As there was only one track to follow you could not miss any talk – nice thing!
After we were welcomed by the hosts, and the first talk started.
“Green Lights Forever: Analyzing the Security of Traffic Infrastructure” by Allen Hillaker
The con’s first talk was presented by Allen Hillaker. He was speaking about the security of mostly wireless traffic lights and their infrastructure in the US.
Allen presented the design of a typical traffic intersection which is connected via a radio to the road agency. He also described what happens, when a malfunction is triggered and the malfunction management unit sets the traffic lights to a well known (safe) state.
The traffic lights usually operate at 900MHz or 5.8GHz using a protocol similar to 802.11 (Wifi) without strong safety. They gathered access to the networks by using same model radio the systems at the intersections were using. As possible attacks Denial of Service, the change of the traffic lights’ timings and individual light control were named. To mitigate this, he suggested to use WPA, not broadcasting SSIDs, the use of firewalls, firmware updates and – of course – changing the default credentials. (more…)
Welcome to Dayton
In mid-October our friend Bryan Fite aka Angus Blitter invited the community for the ninth edition of Day-Con. Bryan’s annual security summit, which we regard as the sister event of TROOPERS, is a pretty good reason to visit lovely Dayton, Ohio.
And so we did… ERNW sent in five delegates. Delegates is Day-Con-speak for all attendees and speakers and such a subtle choice of wording sets the tone for the whole event. People seemed to be really focused and the roundtable-like setting during the talks (see above) provided a cozy atmosphere for in-depth expert chatting.
On October 1st and 2nd Flo and I were presenting at
hardwear.io in The Hague, NL. My topic was “Living in a fool’s
wireless-secured paradise” and Flo was presenting his current research
on medical device security. It was the first talk at an international
security conference for me and I am still quite excited! (more…)
While searching for some photos for my last blog post on Thinkst Canary I found a couple more from our recent trip to Black Hat USA and DEF CON, which I consider worth sharing. Nothing too technical, just some visual impressions and comments from my side. Let’s get it on!
Recently I had the pleasure to attend the 24th USENIX Security Symposium and its co-located Workshop on Offensive Technologies (WOOT) in Washington, D.C. The workshop has received quite some attention this year, 57 submissions of which 19 have been accepted, so that the organizers decided to double its length from one to two days. (more…)