Bristol Meetups

OWASP Bristol - OT & Car hacking

In the last meeting we've seen how to secure the applications using Threat Modelling. In this session you will learn how to break them. Come and see how to hack a Mitsubishi Outlander!

Agenda:

• 6:30pm - Social

• 6:45pm - OWASP updates / Speakers intro  

•  Presentation 1: Vitor Jesus  -  "OT is not IT"

•  Presentation 2: Ken Munro  - Car Hacking 

• After - we go to  Small Bar on King street. 

Presentation 1:  OT is not IT
Operational Technologies (OT) is an acronym coined to make the distinction to IT. You see OT in action whenever you call for an elevator or wait for a green light. Less visible, they are the heart of automation (Steel, Power, Water, Automotive, Pharma, etc.). They are also in IoT or Medical devices,for example, where, amongst other factors, they share the criticality and real time elements.
A 80/20 rule can be applied when comparing to IT. Whereas IT and OT share 80% of technologies and practices, the remaining 20% renders them unique to the point that a CCNE or a CISSP are not adequate. Everything changes: vendors, development processes, regulations & standards, protocols, goals, etc. This talk will go over the differences.

• Bio: Vitor Jesus works on Networks and Cyber Security with a focus on OT: SCADA/ICS, Embedded Systems, Internet-of-Things, Secure Software Development, etc. Having started with a degree in Physics, soon moved to Electronics and then Networks at well-knonw names such as Philips, Nokia-Siemens, Alcatel-Lucent and General Electric. A big part of his career was spent on Universities (University of Aveiro, Portugal, and Carnegie Mellon, US) lecturing and researhcing Network Architectures. He holds a PhD and a GIAC GICSP, an Industrial Cyber Security Certification. He also has Bitcoins and never ceases to be amazed with its Security tragedies.

Presentation 2: Car hacking

The final Eureka moment might seem surprisingly easy, but what does the A to Z of hacking the Mitsubishi Outlander look like?

This talk will demonstrate how to locate a target vehicle, the initial MITM attack, PSK cracking, Android app reversing, and then reversing a binary protocol. It’ll have some previously unreleased research and an open floor for Q&A too.

Bio: Ken Munro (Partner & Founder Pen Testers) is a highly acclaimed and respected security professional who is well known on the speaking circuit for his engaging and insightful presentations. He has been working in IT security for over 15 years and writes for various newspapers and industry magazines in an effort to get beyond the unhelpful scaremongering put about by many security vendors.
Twitter:  @TheKenMunroShow