Let's Get Physical: Network Attacks Against Physical Security Systems

Presented at ToorCon San Diego 18 (2016), Oct. 15, 2016, 11 a.m. (50 minutes).

With the rise of the Internet of Things, the line between the physical and the digital is growing ever more hazy. Devices that once only existed in the tangible world are now accessible by anyone with a network connection. Even physical security systems, a significant part of any large organization’s overall security posture, are being given network interfaces to make management and access more convenient. But that convenience also significantly increases the risk of attack, and hacks that were once thought to only exist in movies, like opening a building’s doors from a laptop or modifying a camera feed live, are now possible and even easy to pull off. In this talk, we will discuss this new attack surface and demonstrate various ways an attacker can circumvent and compromise devices such as door controllers, security cameras, and motion sensors over the network, as well as ways to protect yourself from such attacks.


Presenters:

  • Ricky Lawshae / HeadlessZeke as Ricky "HeadlessZeke" Lawshae
    Ricky “HeadlessZeke” Lawshae has spent the better part of the last decade voiding warranties and annoying vendors for both business and pleasure. He has spoken at several conferences including Defcon, Ruxcon, Recon, and Insomnihack on a variety of topics involving network protocols and embedded devices. By day, he works as a mild-mannered security researcher for TippingPoint DVLabs. By night, he roams the streets in search of justice. Matt Knight, Decoding LoRa, A Modern Wireless Network for the Internet of Things

Similar Presentations: