attack on traffic systems
play

Attack on Traffic Systems These attack examples have happened in the - PowerPoint PPT Presentation

Jul 18, 2023 •373 likes •556 views

From start to finish how a cyber attack would be performed on traffic system, we will go over first day >> exploitation of the device >> the real-world aftermath. Mission Secure, Inc. Attack on Traffic Systems These attack examples

  1. From start to finish how a cyber attack would be performed on traffic system, we will go over first day >> exploitation of the device >> the real-world aftermath. Mission Secure, Inc. Attack on Traffic Systems These attack examples have happened in the past. We will take an in-depth look into the process of the chain of events that lead to the exploit

  2. Did not happen. But if it did. 2

  3. Austin Suhler Weston Hecker Cybersecurity Engineer Security Consultant MSI TWITTER @westonhecker MSI 3

  4. 24 CVE. From 10 Different Companies. 1. Microsoft - 5 2. Qualcomm - 2 3. Samsung - 5 4. Verizon - 4 5. AT&T - 1 6. HTC - 2 7. Trimble – 2 8. GM -1 9. FCA - 1 10. Google - 1 4

  5. A work van in broken into while on a service call. At the intersection for NW River drive and NW 28 th st there are several devices taken from a van. 1. An expensive GPS survey unit 2. A tablet PC 3. Two configured yet uninstalled S-408 5

  6. What is an S-408? It is a fictitious device for that is the example for this presentation. This device and its configurations are now out of the intended owners controls. 6

  7. While the GPS unit was sold locally on craigslist and the tablet to pawnshop the S-408 with no local market for the device was placed on an online auction which just ended at 9:30. The device is now on its way to new home outside of the United States. The device was in a list from a script written by a Blackhat Hacker. The Script runs on all the worlds auctions sites searching for certain devices that are used in the USA, and restricted for export and are for sale to a private party. 7

  8. After being mailed to England the package was forwarded to PO box and taken into North Korea. At this point the device was inspected after the box was opened. The devices manual was downloaded online and translated for the next steps. The next steps will be performed by a team of attackers. 8

  9. The S-408 is cleaned and hooked into using the chip trace and markings on the board. Once hooked into the boards JTAG ports the firmware is dumped off the device while it is booting. The S-408 is also plugged into the network where all of the communications are observed. Once the expected communication is established a program called a fuzzer is used to enumerate errors and limitation of the device. 9

  10. After 206 hours of the fuzzing script running the team of hackers look at the crash log of programs and services on the device. The “Core Dump” is extracted using the chip traces to the flash memory on the device. The core dump shows 17 crashed processes. The software was not made to handle the constructed queries that were outside the bounds of normal traffic. The single process that detects baud changes between traffic systems did not check size before excepting communication from the other device. 10

  11. The program has found a buffer overflow issue which will lead to unintended code. Once the “entry point” for the exploit is found. The attacker looks at the amount of “space” of his payload. The payload is code that is constructed into a message after an error to make the computer think it was doing the commands when the crash occurred . 11

  12. Once payload is decided the firmware pulled from the device is analyzed and common issues with other like Operating systems can be used. The attack of the system now affects all S-400 series running 6.5.0 to 7.1.3 The attackers use a Reverse shell exploit payload that was released in a previous exploit in 2016 for S-404 which is an older version of the system. This exploit simply turns Call home to the device on the select portion of the network. 12

  13. How is the payload tested? What is the impact on the device? 13

  14. How is the device exploited in the wild? Example: The system credentials are pulled from device and used as a platform to attack other devices and breach further. 14

  15. Last stages of the attack. The affect of the other systems on the network. 15

  16. How final attack impacts the system. Real world results. 16

  17. We’re Hiring! www.missionsecure.com 17

  18. Contact information Weston Hecker Cyber Evangelist Weston@MissionSecure.com W: 434.284.8071 Mission Secure, Inc. Austin Suhler Cybersecurity Engineer Austin@MissionSecure.com Houston Office W: 434.284.8071 1770 St. James Place Rick Tiene Suite 420 VP, Smart Cities Houston, TX 77056 Tiene@MissionSecure.com www.missionsecure.com W: 434.284.8071 Charlottesville Office 300 Preston Avenue Suite 500 Charlottesville, VA 22902 18

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Traffic Analysis The Most Powerful and Least Understood Attack Methods Raven Alder, Riccardo

Traffic Analysis The Most Powerful and Least Understood Attack Methods Raven Alder, Riccardo

Traffic Analysis The Most Powerful and Least Understood Attack Methods Raven Alder, Riccardo Bettati, Jon Callas, Nick Matthewson 1 What is Traffic Analysis? Signals intelligence that ignores content Information for analysis is the

355 views • 14 slides
Adaptive Distributed Distributed Traffic Traffic Adaptive Adaptive Distributed Traffic Control

Adaptive Distributed Distributed Traffic Traffic Adaptive Adaptive Distributed Traffic Control

Adaptive Distributed Distributed Traffic Traffic Adaptive Adaptive Distributed Traffic Control Service Service for for DDoS DDoS Attack Attack Control Control Service for DDoS Attack Mitigation Mitigation Mitigation Bernhard Plattner,

474 views • 24 slides
Attack Graphs Systems and Internet Infrastructure Security (SIIS) Laboratory Page 1 Outline Attack

Attack Graphs Systems and Internet Infrastructure Security (SIIS) Laboratory Page 1 Outline Attack

Systems and Internet Infrastructure Security Network and Security Research Center Department of Computer Science and Engineering Pennsylvania State University, University Park PA Attack Graphs Systems and Internet Infrastructure Security (SIIS)

1.06k views • 60 slides
Identifying Attack Vectors Professor Larry Heimann Web Application Security Information Systems

Identifying Attack Vectors Professor Larry Heimann Web Application Security Information Systems

Identifying Attack Vectors Professor Larry Heimann Web Application Security Information Systems Nothing is in isolation Attack surface An attack surface is the total number of possible attack vectors Think of a house, with the

309 views • 15 slides
Security of Traffic Infrastructure RAJSHAKHAR PAUL Outline Introduction Anatomy of a Traffic

Security of Traffic Infrastructure RAJSHAKHAR PAUL Outline Introduction Anatomy of a Traffic

Green Lights Forever: Analyzing the Security of Traffic Infrastructure RAJSHAKHAR PAUL Outline Introduction Anatomy of a Traffic Infrastructure Case Study Threat Model Types of Attack Recommendation Broader Lesson Conclusion Outline

777 views • 36 slides
Important Examples of Cyber-Physical Systems Cyber-Physical Systems under Attack Models,

Important Examples of Cyber-Physical Systems Cyber-Physical Systems under Attack Models,

Important Examples of Cyber-Physical Systems Cyber-Physical Systems under Attack Models, Fundamental Limitations, and Monitor Design Fabio Pasqualetti Florian D orfler Francesco Bullo Center for Control, Dynamical systems and Computation

994 views • 11 slides
Active Timing-Based Correlation of Perturbed Traffic Flows with Chaff Packets Pai Peng, Peng

Active Timing-Based Correlation of Perturbed Traffic Flows with Chaff Packets Pai Peng, Peng

Computer Science Active Timing-Based Correlation of Perturbed Traffic Flows with Chaff Packets Pai Peng, Peng Ning, Douglas Reeves North Carolina State Univ. Xinyuan Wang George Mason Univ. 1 Attack Through Stepping Stones Telnet/ Attack

460 views • 20 slides
Learning Nonstationary Models of Normal Network Traffic for Detecting Novel Attacks Matthew V.

Learning Nonstationary Models of Normal Network Traffic for Detecting Novel Attacks Matthew V.

Learning Nonstationary Models of Normal Network Traffic for Detecting Novel Attacks Matthew V. Mahoney Philip K. Chan Intrusion Detection Systems. Is data x hostile? Signature - models known hostile behavior: P( x |attack) Good: low

237 views • 22 slides
Walls Have Ears: Traffic-based Side-channel Attack in Video Streaming Jiaxi Gu , Jiliang Wang

Walls Have Ears: Traffic-based Side-channel Attack in Video Streaming Jiaxi Gu , Jiliang Wang

Walls Have Ears: Traffic-based Side-channel Attack in Video Streaming Jiaxi Gu , Jiliang Wang , Zhiwen Yu , Kele Shen Northwestern Polytechnical University, P .R. China Tsinghua University, P .R. China 1 Outline

1.15k views • 32 slides
Physical Attack Presented by: Bryan Perrie (presented by Mark Alexander) The Concrete Institute

Physical Attack Presented by: Bryan Perrie (presented by Mark Alexander) The Concrete Institute

Main Durability Issues in SA Physical Attack Presented by: Bryan Perrie (presented by Mark Alexander) The Concrete Institute Physical Attack Abrasion Traffic Erosion Freezing and freeze-thaw Cavitation Cracking

330 views • 15 slides
Traffic Management in the Era of VACS (Vehicle Automation and Communication Systems) Prof.

Traffic Management in the Era of VACS (Vehicle Automation and Communication Systems) Prof.

Traffic Management in the Era of VACS (Vehicle Automation and Communication Systems) Prof. Markos Papageorgiou Dynamic Systems and Simulation Laboratory, Technical University of Crete, Chania, Greece 1. WHY TRAFFIC MANAGEMENT (TM)?

770 views • 41 slides
About that little buffer in Active monitoring results: Comparable amount of traffic (lots of

About that little buffer in Active monitoring results: Comparable amount of traffic (lots of

Backscatter and Global Analysis Stefan Zota Attacks Analyze tcpdump logs and get global Top attack sources abnormal traffic Unsuccessful TCP connections Gather vanilla statistics: SYN attacks TCP RST ACK backscatter Port classification

367 views • 9 slides
SEGUR + CLAIRE Traffic Management system Security Solutions & Services References

SEGUR + CLAIRE Traffic Management system Security Solutions & Services References

SEGUR + CLAIRE Traffic Management system Security Solutions & Services References Provider and Installer of systems since 1971 (over 50 reference systems) Large systems: Paris (2000 traffic controllers), SITER Hauts de

921 views • 17 slides
When Embedded Systems Attack Therac-25 Embedded systems can fail for a variety of reasons

When Embedded Systems Attack Therac-25 Embedded systems can fail for a variety of reasons

1 2 When Embedded Systems Attack Therac-25 Embedded systems can fail for a variety of reasons The Therac-25 was a medical radiation therapy machine developed in the mid-1980s. Electrical problems Mechanical problems

65 views • 3 slides
When Embedded Systems Attack Embedded systems can fail for a variety of reasons

When Embedded Systems Attack Embedded systems can fail for a variety of reasons

22.1 22.2 When Embedded Systems Attack Embedded systems can fail for a variety of reasons Electrical problems Unit 22 Mechanical problems Errors in the programming Incorrectly specified Errors caused by users Embedded

201 views • 5 slides
Securing PostgreSQL From External Attack B RUCE M OMJIAN January, 2012 Database systems are rich

Securing PostgreSQL From External Attack B RUCE M OMJIAN January, 2012 Database systems are rich

Securing PostgreSQL From External Attack B RUCE M OMJIAN January, 2012 Database systems are rich with attack vectors to exploit. This presentation explores the many potential PostgreSQL external vulnerabilities and shows how they can be

318 views • 29 slides
Renard Controllers with a brief discussion of dimming protocols and methodology Compiled by

Renard Controllers with a brief discussion of dimming protocols and methodology Compiled by

Renard Controllers with a brief discussion of dimming protocols and methodology Compiled by Brian Ullmark (budude) With many thanks to Phil Short for his contributions to our hobby and this presentation. August 17 th , 2012 Topics Discussed

648 views • 28 slides
Electronic Components Battery A portable power source that has a positive and negative.

Electronic Components Battery A portable power source that has a positive and negative.

Electronic Components Battery A portable power source that has a positive and negative. Electronics works on Direct Current (DC) where electrons flow from negative to positive. These are the symbols that will be used for Positive and

240 views • 12 slides
Benchmark and comparison of real-time solutions based on embedded Linux Peter Feuerer August 8,

Benchmark and comparison of real-time solutions based on embedded Linux Peter Feuerer August 8,

Benchmark and comparison of real-time solutions based on embedded Linux Benchmark and comparison of real-time solutions based on embedded Linux Peter Feuerer August 8, 2007 Benchmark and comparison of real-time solutions based on embedded Linux

814 views • 27 slides
Selecting the Right ESP board for Your IoT Project Most Common ESP Dev Board The most common

Selecting the Right ESP board for Your IoT Project Most Common ESP Dev Board The most common

Selecting the Right ESP board for Your IoT Project Most Common ESP Dev Board The most common esp board for IOT is ESP 32 Node MCU For CV ,AI and Image processing ESP EYE ESP CAM ESP8266-01 Ai-Thinker TCP/IP

784 views • 12 slides
Jerry Christians ECN/MN DPS NG911 Project Manager MESB TOC 10/20/11 1 Review of Programs Three

Jerry Christians ECN/MN DPS NG911 Project Manager MESB TOC 10/20/11 1 Review of Programs Three

MESB TOC 10/20/2011 Jerry Christians ECN/MN DPS NG911 Project Manager MESB TOC 10/20/11 1 Review of Programs Three Phases 1. Project Objectives: Implementing an IP Network to all PSAP 2. Network Overview 3. Next Gen Components at the PSAP

591 views • 32 slides
High Performance Cognitive Radio Platform with Integrated Physical & Network Layer

High Performance Cognitive Radio Platform with Integrated Physical & Network Layer

High Performance Cognitive Radio Platform with Integrated Physical & Network Layer Capabilities Bryan Ackland, Ivan Seskar WINLAB, Rutgers University bda@winlab.rutgers.edu seskar@winlab.rutgers.edu www.winlab.rutgers.edu 1 Dynamic

267 views • 24 slides
results presentation Paris 32 Hoche 13 May 2015 BUILDING THE FUTURE IS OUR GREATEST ADVENTURE

results presentation Paris 32 Hoche 13 May 2015 BUILDING THE FUTURE IS OUR GREATEST ADVENTURE

First quarter 2015 results presentation Paris 32 Hoche 13 May 2015 BUILDING THE FUTURE IS OUR GREATEST ADVENTURE This presentation contains forward-looking information and statements about the Bouygues group and its businesses.

730 views • 50 slides
Advisory Committee on Commercial Operations to Customs and Border Protection (COAC) U.S. Customs

Advisory Committee on Commercial Operations to Customs and Border Protection (COAC) U.S. Customs

Advisory Committee on Commercial Operations to Customs and Border Protection (COAC) U.S. Customs and Border Protection (CBP), Chicago, IL July 29, 2015 1:00 PM 04:00 PM 1 Committee Welcome and Roll Call CBP: Maria Luisa Boyce

278 views • 25 slides

More recommend