Presented at
DEF CON 26 (2018),
Aug. 11, 2018, 4 p.m.
(45 minutes).
The term"smart city" evokes imagery of flying cars, shop windows that double as informational touchscreens, and other retro-futuristic fantasies of what the future may hold. Stepping away from the smart city fantasy, the reality is actually much more mundane. Many of these technologies have already quietly been deployed in cities across the world. In this talk, we examine the security of a cross-section of smart city devices currently in use today to reveal how deeply flawed they are and how the implications of these vulnerabilities could have serious consequences.
In addition to discussing newly discovered pre-auth attacks against multiple smart city devices from different categories of smart city technology, this presentation will discuss methods for how to figure out what smart city tech a given city is using, the privacy implications of smart cities, the implications of successful attacks on smart city tech, and what the future of smart city tech may hold.
Presenters:
-
Mauro Paredes
- Hacker
Mauro has many years of experience performing penetration testing and security assessments for clients in Canada, USA, Germany, Mexico and Venezuela. Mauro has experience across several industries, including finance, telecommunication, e-commerce, technology providers, retail, energy, healthcare, logistics and transportation, government; and education.
-
Jennifer Savage / savagejen
- Hacker
as Jen "savagejen" Savage
Jennifer Savage has over a decade of experience in tech including penetration testing, vulnerability assessment, vulnerability management, software development, technical management, and consulting services for companies ranging from startups to the Fortune 100.
@savagejen
-
Daniel Crowley / unicornFurnace
- Research Baron, IBM X-Force Red
as Daniel "unicornFurnace" Crowley
Daniel has been working in infosec since 2004, is TIME's 2006 Person of the Year, and brews his own beer. Daniel is the primary author of both the Magical Code Injection Rainbow, a configurable vulnerability testbed, and FeatherDuster, an automated cryptanalysis tool.
@dan_crowley
Links:
Similar Presentations: