Owning a Building: Exploiting Access Control and Facility Management Systems

Presented at Black Hat Asia 2014, Unknown date/time (Unknown duration).

Modern facilities (such as corporate headquarters) are marvels of engineering. These buildings employ numerous embedded and software systems to help ensure convenience, efficiency, and even security. The door that unlocks after you swipe your badge is managed by an access control system. The lights and even power to your building are managed by a facility management system. These invisible embedded and software systems make modern life in the corporate headquarters convenient and comfortable. What if someone were to take over these systems? Join us as we demonstrate what can happen when these systems are compromised. We'll cover various vulnerabilities that exist in access control systems, facility management systems, and other systems that support modern buildings. We'll show real examples of how these systems can be exploited to unlock the front door to your corporate headquarters, disrupt business operations, and even shut the lights off in your building.


Presenters:

  • Billy Rios - Qualys
    Billy is the Director of Vulnerability Research at Qualys. Billy studies emerging threats with a focus on embedded devices, Industrial Control Systems (ICS), and Critical Infrastructure (CI). Before Qualys, Billy was a Technical Lead at Google where he led the front-line response for externally reported security issues and incidents. Prior to Google, Billy was the Security Program Manager at Internet Explorer (Microsoft). During his time at Microsoft, Billy led the company’s response for several high profile incidents, including the response for Operation Aurora. Before Microsoft, Billy worked as a penetration tester, an intrusion detection analyst, and served as an active duty Marine Corps Officer.

Links:

Similar Presentations: