This event has ended. Visit the official site or create your own event on Sched.
Welcome to the Interactive Agenda for SecurityWeek’s 2017 ICS Cyber Security Conference! (View the full conference website here)  (You can register for the conference here)
View analytic
Thursday, October 26 • 11:00am - 11:45am
The Insecurity of Industrial Things: Devil's Ivy

Sign up or log in to save this to your schedule and see who's attending!

Have you heard of the "Devil's Ivy" vulnerability? Did you know it was found in millions of devices? No? Keep reading! When hearing the buzz-word “Internet of Things,” we typically think of the consumer world: smart toasters and connected fridges. However, there is a staggering number of networked embedded devices that perform life- and mission-critical tasks that our daily lives depend on. We haven’t thought of these new types of devices as miniature computers that need the same care in deployment, management and protection as our servers, computers and mobile phones. This is a HUGE blind spot. Embedded devices, such as ICS and SCADA systems, are the low-hanging fruit for potential attackers: They are fairly easy to compromise, are connected to high-value networks and detection often only happens after the fact. This talk summarizes the state of IoT security, specifically as it relates to Industrial Control and Energy. We'll use the Devil's Ivy vulnerability (which was found by our research team and reported by Wired, Vice and others to afflict millions of devices worldwide) as a case study for how IoT is not that different from ICS. This talk will also catalog our experiences at Senrio exploiting embedded system used in industrial control environments and discuss the reasons why these insecure design patterns exist; including business drivers and technology factors. We will share stories and anecdotes based on 10 years of research, training and consulting. Attendees will get an inside view into how attackers operate and walk away knowing what to look for when future-proofing our industrial control systems. 

avatar for Stephen Ridley

Stephen Ridley

Founder and CEO/CTO, Senrio
Stephen has more than 10 years of experience in software development, software security, and reverse engineering. His original research on embedded device vulnerabilities has been featured on NPR, SecurityWeek, Wired and numerous other publications. Prior to his current work at S... Read More →

Thursday October 26, 2017 11:00am - 11:45am
Windsor Ballroom CDE

Attendees (32)