Recoverable Advanced Metering Infrastructure Mike Davis Black Hat - USA - 2009

Channel:
United States All Hacking Cons
Subscribers:
6,410
Published on ● Video Link: https://www.youtube.com/watch?v=dTzSjv6NsQg


Duration: 58:10
38 views
0

Smart Grid. Smart Meters. AMI. Certainly no one has escaped the buzz surrounding this potentially ground-breaking technology. However, equally generating buzz is the heightened threat of attack these technologies provide. Mike Davis and a team of IOActive researchers were able to identify multiple programming errors on a series of Smart Meter platforms ranging from the inappropriate use of banned functions to protocol implementation issues. The team was able to “weaponize” these attack vectors, and create an in-flash rootkit, which allowed them to assume full system control of all exposed Smart Meter capabilities, including remote power on, power off, usage reporting, and communication configurations.

In this presentation, Davis will discuss the broad, yet almost ubiquitous exploits and basic design flaws in today’s Smart Meter and Advanced Metering Infrastructure (AMI) technology. Typical attacker techniques such as buffer overflows, persistent and non-persistent root kits, and even self-propagating malicious software will be illustrated. Davis will even demonstrate a proof-of-concept worm attack and the general reverse engineering techniques used to achieve code execution. To show all is not hopeless, he will also cover the incident response impacts of possible worm attack scenario. Finally, building upon the analysis of the worm-able attack surface as well his hardware and software penetration testing research, Davis will suggest inherent design fixes that AMI vendors can implement to greatly mitigate these broad exploits.

Black Hat - USA - 2009 Hacking conference
#hacking, #hackers, #infosec, #opsec, #IT, #security



Other Videos By All Hacking Cons


2021-12-29State of the Art Post Exploitation in Hardened PHP Environments Stefan Esser
2021-12-29Post Exploitation Bliss Loading Meterpreter on a Factory iPhone Vincenzo Iozzo, Charlie Miller
2021-12-29Ofir Arkin Introducing X Playing Tricks with ICMP
2021-12-29Jeff Nathan and Kevin Depeugh Layer 2 Attacks
2021-12-29Job de Haas GSM WAP and SMS Security
2021-12-29JD Glaser JDs Toolbox Fire and Ice
2021-12-29Dan Veeneman Wireless Overview Protocols and Threat Models
2021-12-29Panel Vulnerability Disclosure What the Feds Think
2021-12-28Welcome and Introduction to Black Hat USA 2009 Jeff Moss Black Hat - USA - 2009
2021-12-28The Language of Trust: Exploiting Trust Relationships in Active Content Mark Dowd, Ryan Smith
2021-12-28Recoverable Advanced Metering Infrastructure Mike Davis Black Hat - USA - 2009
2021-12-28Attacking SMS Zane Lackey, Luis Miras Black Hat - USA - 2009
2021-12-28Deactivate the Rootkit Alfredo Ortega Black Hat - USA - 2009
2021-12-28Is Your Phone Pwned Kevin Mahaffey, Anthony Lineberry, John Hering Black Hat - USA - 2009
2021-12-28Meet the Feds Feds vs Ex Feds Panel Black Hat - USA - 2009
2021-12-28Defensive Rewriting Bryan Sullivan Black Hat - USA - 2009
2021-12-28Automated Malware Similarity Analysis Daniel Raygoza Black Hat - USA - 2009
2021-12-28Beckstrom’s Law Rod Beckstrom Black Hat - USA - 2009
2021-12-28Demystifying Fuzzers Michael Eddington Black Hat - USA - 2009
2021-12-28Johnny Long Me to We Johnny Long Black Hat - USA - 2009
2021-12-28BitTorrent Hacks Michael Brooks Black Hat - USA - 2009


Tags:
data
hacker
security
computer
cyber
internet
technology
hacking
attack
digital
virus
information
hack
online
crime
password
code
web
concept
thief
protection
network
scam
fraud
malware
secure
access
safety
system
firewall
communication
business
privacy
binary
account
spy
programmer
program
spyware
hacked
hacking conference
conference
learn
how to
2022
2021
cybersecurity
owned
break in
google
securing
exploit
exploitation
recon
social engineering
Mike Davis
infrastructure
metering