PLEASE JOIN US FOR THE NEXT INSTALLMENT IN THE BLACK HAT WEBCAST SERIES |
|
|
|
4 IoT Systems, 4 Threat Modeling Failures |
|
|
|
Thursday, July 16, 2020 11:00AM - 12:00PM PDT // 60 MINUTES, INCLUDING Q&A | | | Sponsored By:
 |
The IoT is hugely diverse: home assistants, fitness trackers, medical devices, home security, kid trackers, smart TVs, industrial equipment, crypto wallets, car alarms and even sex toys. We've seen security and privacy failures in nearly all these systems, some trivial, some serious. In today’s IoT, security failures in these systems might seem trivial, but in 10 years, these systems will be ruling our lives.
We suspect that the developers of the products failed to predict which threats they needed to protect against. Unless security is considered during the design of these systems, they will never be truly secure.
We’ll look at 4 practical examples where lessons can be learned:
- Crypto-wallets that didn't take into account physical access
- A telematics unit in a car that allowed us to take control of the corporate network
- An EV car charger that relied on the security of a Raspberry Pi
- Police body cameras that place confidentiality above authenticity of data.
Hopefully you’ll be able to see the mistakes that were made, alongside the simple solutions to these issues. |
|
|
|
|
|
|
|
|
Andrew Tierney Andrew leads the hardware team at Pen Test Partners. He covers all systems that aren't general purpose computers: IoT, phones, cars, ships, planes and industrial control. On the offensive side, he has spent many years reverse engineering, researching and findingvulnerabilities in these systems.
On the defensive side, he takes the knowledge gained from research and advises companies on how to build secure products. This ranges from the nitty-gritty of securing devices against physical attack, through to developing complete connected platforms that make use of defence-in-depth so that they can stay secure through the entire lifecycle of the product. |
|
|
|
John Grimm John Grimm, Vice President Strategy, nCipher Security, an Entrust Datacard company
John Grimm is Vice President of Strategy and Business Development at nCipher Security, an Entrust Datacard company, and a world leader in hardware security modules (HSMs). nCipher empowers world-leading organizations by delivering trust, integrity and control to their business critical information and applications. |
|
|
|
| | | Upcoming Black Hat Events |
|
|
|
August 1-6, 2020 | Virtual Event |
|
|
|
September 29 - October 2, 2020 | Singapore |
|
|
|
|
