Conference:  Defcon 31
Authors: Sharon Brizinov Director of Security Research @ Claroty Team82, Noam Moshe Vulnerability Researcher @ Claroty Team82
2023-08-01

OPC-UA is the most popular protocol today in ICS/SCADA and IoT environments for data exchanges from sensors to on-premises or cloud applications. OPC-UA is therefore the bridge between different OT trust zones and a crown jewel for attacks attempting to break security zones and cross over from the industrial to corporate networks. We have been researching during the past two years dozens of OPC-UA protocol stack implementations being used in millions of industrial products. We focused on two main attack vectors: attacking OPC-UA servers and protocol gateways, and attacking OPC-UA clients. The research yielded unique attack techniques that targeted specific OPC-UA protocol specification pitfalls that enabled us to create a wide range of vulns ranging from denial of service to remote code execution. For example, we explored OPC-UA features such as method call processing, chunking mechanisms, certification handling, complex variant structures, monitored items, race-conditions, and many more. For each part of the specification, we tried to understand its caveats and exploit them to achieve RCE, information leaks, or denial of service attacks. In this talk, we will share our journey, methods, and release an open-source framework with all of our techniques and vulnerabilities to exploit modern OPC-UA protocol stacks.
Conference:  Defcon 31
Authors: Alan Meekins Member, Dataparty, Roger Hicks
2023-08-01

BLE devices are now all the rage. What makes a purpose-built tracking device like the AirTag all that different from the majority of BLE devices that have a fixed address? With the rise of IoT we're also seeing a rise in government and corporate BLE surveillance systems. We'll look at tools that normal people can use to find out if their favorite IoT gear is easily trackable. If headphones and GoPros use fixed addresses, what about stun guns and bodycams? We'll take a look at IoT gear used by authorities and how it may be detectable over long durations, just like an AirTag.
Conference:  Black Hat Asia 2023
Authors: Roni Gavrilov
2023-05-12

The adoption of Industry 4.0 and IoT (IIoT) technologies into industrial business operations has brought great operational and economic benefits, but also introduced new risks and challenges. One of the major risks is the potential for central points of failure (the cloud), which in the industrial remote access scenario can leave many industrial companies reliant on a single IIoT supplier's security level. IIoT suppliers often provide cloud-based management solutions to remotely manage and operate devices. While some research has been conducted on the security of these IIoT devices' firmwares and protocols, there is still much to learn about the unexpected security risks emerging from their cloud-based management platforms. In our research, we focused on the cloud-based management platforms of three major IIoT gateway suppliers - Sierra Wireless, Teltonika Networks, and InHand Networks. When investigating how they might be exploited by malicious actors, we found out these types of platforms can act as the backdoor for accessing multiple industrial and critical environments at once, bypassing perimeter and defense-in-depth security measures. During the session, we will present three attack vectors that could compromise cloud-managed IIoT devices through their cloud-based management platforms. The discovered vulnerabilities impact thousands of devices in industrial environments, bypassing NAT and traditional security layers. We will provide an in-depth overview of these vulnerabilities and demonstrate multiple vulnerabilities including RCE over the internet, bypassing NAT and reaching directly to the internal network, without any pre-conditions. At the end of the session, we will suggest practical recommendations for asset owners, security architects and IIoT vendors.
Authors: Rey Lejano
2023-04-21

tldr - powered by Generative AI

The presentation discusses the challenges of edge computing and how to solve them using Kubernetes and Cloud Native principles.
  • Resource and physical constraints are challenges in edge computing
  • Kubernetes and Cloud Native principles can bring automation and consistency to edge devices
  • K3s is a Kubernetes distribution specifically designed for resource-constrained environments
  • K3s includes batteries-included features such as containerd, runC, CNI, CoreDNS, and Klipper LB
  • The Linux Foundation's State of the Edge provides a vendor-neutral platform for edge computing research
Authors: Amar Kapadia, Kate Goldenring
2022-10-27

tldr - powered by Generative AI

The presentation discusses the principles and differences between Cloud native and Edge native applications, with a focus on the latter. It also provides examples of Edge native applications and their importance in data security and resource optimization.
  • Edge native applications are designed to process data closer to where it is generated, reducing latency and security risks associated with sending data to the Cloud
  • Nine principles for Edge native applications include resource and deviceware, protocol management, and scalable management
  • Examples of Edge native applications include factory assembly lines and predictive maintenance
  • Data security is a key concern for Edge native applications, with encryption and secure key management being important practices
  • Edge native applications can also inform Cloud native applications, particularly in terms of specialized hardware and management techniques
Authors: David Perez Rodriguez
2022-10-25

Everybody either knows what Kubernetes is or has heard of it. It’s a critical component of the scalable, high-availability and distributed design of most cloud-based production systems. Why would I bother understanding how it behaves outside the cloud provider I commonly use? Well, that was the case of this project, which aimed to build an IoT system that handles terabytes of data, entirely on-prem due to business needs. As expected, things were not behaving the same as in the cloud provider: lots of kube-api errors, missed heartbeats, database operators that started rolling-restarting deployments because of it; but the main reason was well hidden from sight: etcd performance was not great on-prem. etcd has extremely high, sustained performance that is based on two factors: latency and throughput. But in this on-prem environment, latency was affected by the hardware’s initial design. How do you measure etcd performance? Benchmarks to the rescue! Learn about this experience, what a benchmark is, what latency is, what throughput is and how to effectively measure etcd performance through benchmarks to correctly test your infrastructure when a brand new Kubernetes cluster is created, particularly on-prem, and take advantage of the full potential of the Kubernetes environment.
Authors: Zahra Tarkhani
2022-09-15

tldr - powered by Generative AI

The presentation discusses the challenges of secure partitioning and sharing hardware resources within complex system layers of heterogeneous SoC architectures and proposes a hardware-assisted dynamic partitioning framework for Linux- and TEE-based architectures.
  • Heterogeneous SoC architectures are becoming more popular for complex IoT and edge devices
  • Multiple CPUs and peripherals require secure partitioning and sharing of hardware resources
  • Static hardware partitioning at boot time cannot satisfy most use cases' security, performance, or compatibility requirements
  • Hardware-assisted dynamic partitioning framework is proposed for Linux- and TEE-based architectures
  • Framework modifies the Linux kernel, trusted firmware, and TEE kernel to achieve fine-grained privilege separation
  • Hardware features such as mdac, pack, and mrcs enable hierarchical access control policies for logical separation of secure world from normal world
  • Multiple trusted execution environments and enclaves can be combined to provide strong security features for different use cases
Authors: Neethu Elizabeth Simon, Scott Thomas
2022-06-23

tldr - powered by Generative AI

Converting an old-school textile inspection machine into a smart system using AI/ML is effective and affordable even in the commodity fabric manufacturing industry.
  • Textile inspection is traditionally labor-intensive and error-prone.
  • Computer vision-based AI/ML solution using open source tools was developed for textile defect detection during the fabric inspection process.
  • Old-school manual fabric inspection machine was successfully integrated with cameras and open source AI/ML tools running on high-performance compute device.
  • Reasonably priced system was affordably applied to a much lower cost labor-intensive industry without expensive retooling or excessively high-priced technology.
  • Implementation and integration challenges encountered during design and development of this unique solution were resolved.
  • Model worked but was not scalable enough and was sensitive to folds and creases.
  • Inferencing was good but the system was not robust enough to handle high motor speed.
Authors: Samantha Coyle, Neethu Elizabeth Simon
2022-06-21

tldr - powered by Generative AI

Developing ethical AI software for edge devices
  • AI software can be used for good or bad, so it's important to have a strong moral compass and principles guiding development
  • Intel abides by six ethics principles, including respecting human rights and enabling human oversight
  • Challenges in deploying AI at the edge include resource constraints and data management
  • Postgres database was chosen for data management due to its reliability, efficiency, and security features
  • Security measures were taken to ensure sensitive information is not accessible to unauthorized users
Authors: Steve Wong, Kilton Hopkins
2022-05-19

tldr - powered by Generative AI

The conference presentation discussed the use of edge devices and secure booting in the context of Kubernetes and DevOps.
  • The group focuses on cool technologies as they evolve at a general level, not specific to one use case like telco.
  • Collaboration on firmware and bootloader side is not within the scope of the group, but they welcome presentations and discussions on the topic.
  • Tamper-resistant storage is necessary for secure booting of edge devices.
  • WebAssembly is a cool technology that is gaining interest in the group.
  • Telcos have shown interest in the group, but the conversations are not telco-specific.