Hardware, Software & the Internet of Things
June 23–25, 2015 • San Francisco, CA

Blurred lines

Nitesh Dhanjani (Ernst & Young LLP)
1:15pm–1:55pm Thursday, 06/25/2015
Security
Location: Generals Residence
Average rating: *****
(5.00, 1 rating)

Prerequisite Knowledge

Basic knowledge of technology and consumer IoT devices.

Description

Our societies are primed to take modern luxuries for granted. We flip a switch and expect the instant glow of the electric flame. We open the refrigerator and expect our food and drinks to be waiting for us at just the right temperature. We walk into our homes and expect the air conditioning to continously and automatically maintain a comfortable equilibrium between hot and cold temperatures.

It is only in moments when our luxuries are taken away from us that we truly reflect on how much we have come to depend on them. The Northeast blackout of 2003 not only affected 45 million people but also caused deaths from misplaced candles. It’s only been about 100 years since we’ve figured out how to create electricity, yet we can’t imagine living in a world without our electrical infrastructure.

Traditionally, the attack vectors to our fundamental luxuries have required physical tampering, mostly because access to the infrastructure has been isolated from the internet. This is about to change, with the upcoming onslaught and disruption that will be caused as we look to a future of 40 billion “things” connected to the internet.

In this talk, we will take a fascinating look into abusing the most popular IoT based devices already available in the market. We will take a look at how a simple attack can cause a perpetual blackout targeting LED lightbulbs, how bad security decisions have grossly violated the privacy of families, and how the insecurity of powerful electric cars can put you at risk.

The upcoming IoT age will blur the line between our physical and online lives. Attacks targeting our online spaces will put our physical security at risk and that of our loved ones. The goal of this talk is to demonstrate the tangible risk in IoT devices that we are only going to depend on more as time progresses – it is through these discussions that we can begin to formulate our strategy for securely enabling our sensor-based future.

Photo of Nitesh Dhanjani

Nitesh Dhanjani

Ernst & Young LLP

Nitesh Dhanjani is a well known security researcher, author, and speaker. Dhanjani is the author of the upcoming book “Abusing the Internet of Things: Blackouts, Freakouts, and Stakeouts”. He has also written “Hacking: The Next Generation” (O’Reilly), “Network Security Tools: Writing, Hacking, and Modifying Security Tools” (O’Reilly), and “HackNotes: Linux and Unix Security” (Osborne McGraw-Hill). He is also a contributing author to “Hacking Exposed 4” (Osborne McGraw-Hill) and “HackNotes: Network Security”. Dhanjani has been invited to talk at various information security events such as the Black Hat Briefings, RSA, Hack in the Box, Microsoft Blue Hat, and OSCON.

Dhanjani is currently executive director at a large consulting firm, where he advises some of the largest corporations around the world on how to establish enterprise-wide information security programs and solutions. Dhanjani is also responsible for evangelizing brand new technology service lines around emerging technologies and trends such as cloud computing and virtualization.

Prior to his current job, Dhanjani was senior director of application security and assessments at a major credit bureau, where he spearheaded security efforts into enhancing the enterprise SDLC, created a process for performing source code security reviews and threat modeling, and managed the Attack & Penetration team.

Dhanjani graduated from Purdue University with both a Bachelors and Masters degree in computer science.

Comments on this page are now closed.

Comments

Nicole Rossi
04/22/2015 10:47am PDT

Are cars still using insecure WiFi to connect sensors? What frequency is the Wi Fi; can other devices interrupt the signal?