We're still waiting for the singularity, but in the meantime we're seeing lots of formerly dumb devices, from TVs to lamps to doors, gain bits of intelligence. Unfortunately, a lot of times these newly networked contraptions are just capable enough to let someone else do some real-world damage. Here are three Briefings that explore the vulnerabilities in this new generation of smart, automated devices.
More and more products are jumping online in the name of convenience, up to and including household devices like thermostats, home security systems, and even locks on doors. On one hand this is cool. On the other, of course, the hapless consumer has just opened themselves up to a whole new realm of security vulnerabilities. In the past, being compromised "only" affected someone's data. Now, an attacker could assert control over aspects of the networked physical environment. Come to Home Invasion v2.0 - Attacking Network-Controlled Hardware to learn about the potential risks posed by network-attached devices, and check out some new attacks against products on the market today.
In 2012 over 80 million so-called smart TVs sold around the world, turning once-passive devices into interactive conduits to the Internet. Unfortunately, these new TVs have almost all the same attack vectors as PCs and smart phones, as well as unique ones like their remote controls. In Hacking, Surveilling, and Deceiving Victims on Smart TV, SeungJin "Biest" Lee will delve into this largely unexamined space and reveal the wealth of security exploits he's uncovered to date, including a live demo of a compromised smart TV acting as an always-on webcam -- something right out of 1984.
Another up-and-coming trend is home automation systems -- by 2016 the American market alone is expected to exceed $5.5 billion. A majority of these devices use RF to communicate, with either the open-source Zigbee protocol or the proprietary Z-wave. Zigbee has been subjected to a fair amount of security research scrutiny, but Z-wave? Not so much. This is a problem, since Z-wave's starting to win the popularity contest. Honey, I’m home!! - Hacking Z-Wave Home Automation Systems will demonstrate just how open the Z-wave protocol is to attacks, and why you might want to think twice before bringing it into your home.
All three talks will occur at Black Hat USA 2013 in scorching Las Vegas. We hope to see you there, though you might just want to unplug your hotel room's TV. And do say hi on the Twitters: