Outsmarting the Smart City

Presented at DEF CON 26 (2018), Aug. 11, 2018, 4 p.m. (45 minutes)

The term"smart city" evokes imagery of flying cars, shop windows that double as informational touchscreens, and other retro-futuristic fantasies of what the future may hold. Stepping away from the smart city fantasy, the reality is actually much more mundane. Many of these technologies have already quietly been deployed in cities across the world. In this talk, we examine the security of a cross-section of smart city devices currently in use today to reveal how deeply flawed they are and how the implications of these vulnerabilities could have serious consequences.

In addition to discussing newly discovered pre-auth attacks against multiple smart city devices from different categories of smart city technology, this presentation will discuss methods for how to figure out what smart city tech a given city is using, the privacy implications of smart cities, the implications of successful attacks on smart city tech, and what the future of smart city tech may hold.

Presenters:

• Daniel Crowley / unicornFurnace - Research Baron, IBM X-Force Red   as Daniel "unicornFurnace" Crowley
  Daniel has been working in infosec since 2004, is TIME's 2006 Person of the Year, and brews his own beer. Daniel is the primary author of both the Magical Code Injection Rainbow, a configurable vulnerability testbed, and FeatherDuster, an automated cryptanalysis tool. @dan_crowley
• Jennifer Savage / savagejen - Hacker   as Jen "savagejen" Savage
  Jennifer Savage has over a decade of experience in tech including penetration testing, vulnerability assessment, vulnerability management, software development, technical management, and consulting services for companies ranging from startups to the Fortune 100. @savagejen
• Mauro Paredes - Hacker
  Mauro has many years of experience performing penetration testing and security assessments for clients in Canada, USA, Germany, Mexico and Venezuela. Mauro has experience across several industries, including finance, telecommunication, e-commerce, technology providers, retail, energy, healthcare, logistics and transportation, government; and education.

Links:

• https://defcon.org/html/defcon-26/dc-26-speakers.html#Crowley
• https://infocon.org/cons/DEF CON/DEF CON 26/DEF CON 26 video and slides/DEF CON 26 - Daniel Crowley and Panel - Outsmarting the Smart City.mp4
• https://infocon.org/cons/DEF CON/DEF CON 26/DEF CON 26 video and slides/DEF CON 26 - Daniel Crowley and Panel - Outsmarting the Smart City.srt (subtitles)
• https://www.youtube.com/watch?v=5z-rKz5ABgI

Similar Presentations:

• Black Hat USA 2018 / Outsmarting the Smart City
• 33C3 (2016) / On Smart Cities, Smart Energy, And Dumb Security
• Black Hat USA 2015 / Pen Testing a City