DEF CON fans and aficionados– the wait is over. The videos from DEF CON 22 are now available online. While this is not a complete list of all available videos, it showcases many of the ones of interest to the Cavalry and Cavalry followers. If you are looking for the latest that internet security researchers have to offer, enjoy!

 

DEF CON 22: August 7 – 10, 2014

DEF CON Talks
Hacking US (and UK, Australia, France, etc.) traffic control systems, by Cesar Cerrudo
This presentation discusses how to manipulate traffic signals, including how the devices were acquired, the research, on site testing demos (at Seattle, New York and Washington DC), vulnerabilities found and how they can be exploited, and finally some possible NSA style attacks.
 

Hacking 911: Adventures in Disruption, Destruction, and Death, by Christian Dameff, Jeff Tully & Peter Hefley

Emergency medical services (EMS) are the safety nets we rely on every day for rapid, life-saving help in the absolute gravest of circumstances, but these services rely on antiquated infrastructures that were outdated twenty years ago with vulnerabilities large enough to drive an ambulance through, little municipal governmental support for improved security, and a severe lack of standardized security protocols.Quaddi, r3plicant, and Peter- two MDs and a security pro review the archaic nature of the 911 dispatch system and its failure to evolve with a cellular world, the problems that continue to plague smaller towns without the resources of large urban centers, how the mischief of swatting and phreaking can quickly transform into the mayhem of cyberwarfare, and the medical devastation that arises in a world without 911.
 

The Cavalry Year[0] & a Path Forward for Public Safety, by Josh Corman & Nick Percoco

At DEF CON 21, The Cavalry was born. In the face of clear & present threats to “Body, Mind & Soul” it was clear: The Cavalry Isn’t Coming… it falls to us… the willing & able… and we have to try to have impact. Over the past year, the initiative reduced its focus and increased its momentum. With a focus on public safety & human life we did our best “Collecting, Connecting, Collaborating” to ensure the safer technology dependence in: Medical, Automotive, Home Electronics & Public Infrastructure. We will update the DEF CON hearts & minds with lessons learned from our workshops & experiments, successes & failures, and momentum in industry and with public policy makers. Year[0] was encouraging. Year[1] will require more structure and transparency if we are to rise to these challenges… As a year of experimentation comes to an end, we will share where we’ve been, take our licks, and more importantly outline a path forward…
 

Hack All The Things: 20 Devices in 45 Minutes, by CJ Heres, Amir Etemadieh, Khoa Hoang & Mike Baker

When we heard “Hack All The Things,” we took it as a challenge. So at DEF CON this year we’re doing exactly that, we’re hacking everything. We’ve taken all of our previous experience exploiting embedded devices and used it to bring you a presentation filled with more exploits than ever before™. This presentation will feature exploits for over 20 devices including but not limited to TVs, baby monitors, media streamers, network cameras, home automation devices, and VoIP gateways. Gain root on your devices, run unsigned kernels; it’s your hardware, it’s internet connected, and it’s horribly insecure.
 

The Internet of Fails: Where IoT Has Gone Wrong and How We’re Making It Right, by Mark Stanislav & Zach Lanier

This presentation will dive into research, outcomes, and recommendations regarding information security for the “Internet of Things”. Mark and Zach will discuss IoT security failures both from their own research as well as the work of people they admire. Attendees are invited to laugh/cringe at concerning examples of improper access control, a complete lack of transport security, hardcoded-everything, and ways to bypass paying for stuff.Mark and Zach will also discuss the progress that their initiative, BuildItSecure.ly, has made since it was announced this past February at B-Sides San Francisco. Based on their own struggles with approaching smaller technology vendors with bugs and trying to handle coordinated disclosure, Mark and Zach decided to change the process and dialog that was occurring into one that is inclusive, friendly, researcher-centric. They will provide results and key learnings about the establishment of this loose organization of security-minded vendors, partners, and researchers who have decided to focus on improving information security for bootstrapped/crowd-funded IoT products and platforms.
 

How to Disclose an Exploit Without Getting in Trouble, by Jim Denaro & Tod Beardsley

You have identified a vulnerability and may have developed an exploit. What should you do with it? You might consider going to the vendor, blogging about it, or selling it. There are risks in each of these options. This session will cover the risks to security researchers involved in publishing or selling information that details the operation of hacks, exploits, vulnerabilities and other techniques. This session will provide practical advice on how to reduce the risk of legal action and suggest several approaches to responsible disclosure.
 

Cyberhijacking Airplanes: Truth or Fiction?, by Dr. Phil Polstra & Captain Polly

There have been several people making bold claims about the ability to remotely hack into aircraft and hijack them from afar. This talk will take a systematic look at the mechanisms others are claiming would permit such cyberhijacking. Each of the most popular techniques will be examined myth buster style. Along the way several important aircraft technologies will be examined in detail.Attendees will leave with a better understanding of ADS-B, ADS-A, ACARS, GPS, transponders, collision avoidance systems, autopilots, and avionics networking and communications. No prior knowledge is assumed for attendees.
 

Just what the Doctor Ordered?, by Scott Erven & Shawn Merdinger

You have already heard the stories of security researchers delivering lethal doses of insulin to a pump, or delivering a lethal shock to a vulnerable defibrillator. But what is the reality of medical device security across the enterprise? Join us for an in-depth presentation about a three-year independent research project, encompassing medical devices across all modalities inside today’s healthcare landscape. Think they are firewalled off? Well think again. Scarier yet, many remain Internet facing and are vulnerable to strategic attack with the potential loss for human life. And yes you will be amazed at what we found in just 1 hour! We will prove that an attacker can access medical devices at thousands of healthcare facilities from anywhere in the world with the potential loss of human life.This discussion will also highlight the fallout from security standards not being a requirement for medical device manufacturers, and our experience in identifying and reporting vulnerabilities. We will provide our insight into what needs to be done for healthcare organizations to respond to the new threat of cyber-attack against medical devices. We are working towards a future where cyber security issues in medical devices are a thing of the past. We will discuss the recent success and traction we have gained with healthcare organizations, federal agencies and device manufacturers in addressing these security issues. The train is now moving, so please join us to find out how you can get involved and make a difference by ensuring patient safety.
 

A Survey of Remote Automotive Attack Surfaces, by Charlie Miller & Chris Valasek

Automotive security concerns have gone from the fringe to the mainstream with security researchers showing the susceptibility of the modern vehicle to local and remote attacks. A malicious attacker leveraging a remote vulnerability could do anything from enabling a microphone for eavesdropping to turning the steering wheel to disabling the brakes.Last year, we discussed 2 particular vehicles. However, since each manufacturer designs their fleets differently; analysis of remote threats must avoid generalities. This talk takes a step back and examines the automotive network of a large number of different manufacturers from a security perspective. From this larger dataset we can begin to answer questions like: Are some cars more secure from remote compromise than others? Has automotive network security changed for the better (or worse) in the last 5 years? What does the future of automotive security hold and how can we protect our vehicles from attack moving forward?
 

Learn How to Control Every Room at a Luxury Hotel Remotely: The Dangers of Insecure Home Automation Deployment, by Jesus Molina

Have you ever had the urge to create mayhem at a hotel? Force every hotel guest to watch your favorite TV show with you? Or wake your neighbors up (all 290 of them!) with blaring music and with their blinds up at 3 AM?For those with the urge, I have the perfect place for you. The St. Regis ShenZhen, a gorgeous luxury hotel occupying the top 28 floors of a 100 story skyscraper, offers guests a unique feature: a room remote control in the form of an IPAD2. The IPAD2 controls the lighting, temperature, music, do not disturb light, TV, even the blinds and other miscellaneous room actions. However, the deployment of the home automation protocol contained several fatal flaws that allow an arbitrary attacker to control virtually every appliance in the hotel remotely. I discovered these flaws and as a result, I was able to create the ultimate remote control: Switch TV off 1280, 1281, 1283 will switch off the TV in these three room. The attacker does not even need to be at the hotel – he could be in another country.

This talk provides a detailed discussion of the anatomy of the attack: an explanation of reverse engineering of the KNX/IP home automation protocol; a description of the deployment flaws; blueprints on how to create an Ipad Trojan to send commands outside the hotel; and, of course, solutions to avoid all these pitfall in future deployments. Attendees will gain valuable field lessons on how to improve wide scale home automation architectures and discussion topics will include the dangers of utilizing legacy but widely used automation protocols, the utilization of insecure wireless connection, and the use of insecure and unlocked commodity hardware that could easily be modified by an attacker.

 

Attacking the Internet of Things using Time, by Paul McMillan

Internet of Things devices are often slow and resource constrained. This makes them the perfect target for network-based timing attacks, which allow an attacker to brute-force credentials one character at a time, rather than guessing the entire string at once. We will discuss how timing attacks work, how to optimize them, and how to handle the many factors which can prevent successful exploitation. We will also demonstrate attacks on at least one popular device. After this presentation, you will have the foundation necessary to attack your own devices, and a set of scripts to help you get started.
 

Optical Surgery; Implanting a DropCam, by Patrick Wardle & Colby Moore

Video Monitoring solutions such as DropCam aim to provide remote monitoring, protection and security. But what if they could be maliciously subverted? This presentation details a reverse-engineering effort that resulted in the full compromise of a DropCam. Specifically, given physical access and some creative hardware and software hacks, any malicious software may be persistently installed upon the device.Implanting a wireless video monitoring solution presents some unique opportunities, such as intercepting the video stream, ‘hot-micing’, or even acting as persistent access/attack point within a network. This presentation will describe such an implant and well as revealing a method of infecting either Windows or OS X hosts that are used to configure a subverted DropCam.
 

Playing with Car Firmware or How to Brick your Car, by Paul Such & Agix

A lot of papers have already been done/produced on hacking cars through ODB2/CanBus. Looking at the car firmware could also be something really fun 🙂 How to access the firmware, hidden menus & functionalities, hardcoded SSID, users and passwords (yes, you read right), are some of the subjects we will cover during this short presentation.
 

Elevator Hacking – From the Pit to the Penthouse, by Deviant Ollam & Howard Payne

Throughout the history of hacker culture, elevators have played a key role. From the mystique of students at MIT taking late-night rides upon car tops (don’t do that, please!) to the work of modern pen testers who use elevators to bypass building security systems (it’s easier than you think!) these devices are often misunderstood and their full range of features and abilities go unexplored. This talk will be an in-depth explanation of how elevators work… allowing for greater understanding, system optimizing, and the subversion of security in many facilities. Those who attend will learn why an elevator is virtually no different than an unlocked staircase as far as building security is concerned!