dangerous pyrotechnic composition fireworks embedded
play

Dangerous Pyrotechnic 'Composition': Fireworks, Embedded Wireless - PowerPoint PPT Presentation

Oct 17, 2022 •175 likes •468 views

Dangerous Pyrotechnic 'Composition': Fireworks, Embedded Wireless and Insecurity-by-Design (short paper) Andrei Costin , Aurlien Francillon EURECOM, Sophia Antipolis 23 July 2014 ACM WiSec'14 - Oxford, UK Agenda Introduction

  1. Dangerous Pyrotechnic 'Composition': Fireworks, Embedded Wireless and Insecurity-by-Design (short paper)   Andrei Costin , Aurélien Francillon EURECOM, Sophia Antipolis 23 July 2014 ACM WiSec'14 - Oxford, UK

  2. Agenda  Introduction  What are the wireless firing systems ?  Methodology  Firmware analysis  System analysis  Attack development  Results  Attacks summary  Disclosure process  Future Work and Conclusions Andrei Costin ACM WiSec'14 2

  3. Wireless Firing Systems Andrei Costin ACM WiSec'14 3

  4. Wireless Firing Systems  Normal (safe) mode – diagram 1. Connect Firing Module to pyrotechnics and wiring 2. Turn the physical key to TEST 3. Perform the continuity test 4. Turn the physical key to ARM 5. Firing Module awaits digital FIRE command 6. Depart to safety distance SAFETY DISTANCE BY REGULATION 1. Turn the physical key to ARM 2. Press the FIRE keys 3. Remote Control sends digital FIRE command Andrei Costin ACM WiSec'14 4

  5. Wireless Firing Systems  ARM/FIRE operation example Firing Module | Remote Control Andrei Costin ACM WiSec'14 5

  6. Wireless Firing Systems  A very good example of:  Wireless Sensors Actuators Network (WSAN)  Cyber Physical System (CPS)  With their properties, challenges and flaws  Used for:  Fireworks  Building demolition  Military-like trainings/simulations Andrei Costin ACM WiSec'14 6

  7. Agenda  Introduction  What are the wireless firing systems ?  Methodology  Firmware analysis  System analysis  Attack development  Results  Attacks summary  Disclosure process  Future Work and Conclusions Andrei Costin ACM WiSec'14 7

  8. Methodology – Firmware Analysis  Firmware.RE [2]  Large-scale analysis framework for embedded firmwares [1]  crawled 172K firmwares  analyzed 32K firmwares  found 38 vulnerabilities  in over 693 firmwares  140K online devices [1] Costin et al., "A Large-Scale Analysis of the Security of Embedded Firmwares", USENIX Sec '14 (to appear) [2] Costin et al., "Poster: Firmware.RE: Firmware Unpacking and Analysis as a Service", ACM WiSec '14 Andrei Costin ACM WiSec'14 8

  9. Methodology – Firmware Analysis  The firmwares of the firing system:  found by our crawlers  in .ihex format  unencrypted  Our framework detected:  m68k-based code  debugging features (strings)  wireless protocols (strings) Andrei Costin ACM WiSec'14 9

  10. Methodology – System Analysis Firing Module Andrei Costin ACM WiSec'14 10

  11. Methodology – System Analysis Remote Control Firing Module Andrei Costin ACM WiSec'14 11

  12. Methodology – System Analysis  Main MCU running main firmware  Freescale ColdFire MCF52254  802.15.4 MCUs ( ATmega128RFA1 )  Synapse's SNAP Network Operating System  API for running Python on the wireless chips  AES is supported (802.15.4 standard)  This system does not use AES!!! Andrei Costin ACM WiSec'14 12

  13. Methodology – Attack Explained  Attacker (unsafe) mode – diagram 1. Connect Firing Module to pyrotechnics and wiring 2. Turn the physical key to TEST 3. Perform the continuity test 4. Turn the physical key to ARM 5. Firing Module awaits digital FIRE command 6. Staff not yet departed UNSAFE DISTANCE (STAFF NEAR PYROTECHNIC LOADS) 1. {Sniff, replay, inject} loop 1.x Attacker sends digital FIRE command Andrei Costin ACM WiSec'14 13

  14. Methodology – Attack Dev  Sniffers – TelosB and SS200-001  TelosB: Default GoodFET / KillerBee firmwares Andrei Costin ACM WiSec'14 14

  15. Methodology – Attack Dev  Sniffers – TelosB and SS200-001  TelosB: Default GoodFET / KillerBee firmwares  SS200: Wireless reprogrammer and sniffer Andrei Costin ACM WiSec'14 15

  16. Methodology – Attack Dev  Injector – Econotag  Used as general purpose 802.15.4 device  We developed custom replay/inject firmware Andrei Costin ACM WiSec'14 16

  17. Agenda  Introduction  What are the wireless firing systems ?  Methodology  Firmware analysis  System analysis  Attack development  Results  Attacks summary  Disclosure process  Future Work and Conclusions Andrei Costin ACM WiSec'14 17

  18. Attack Summary  Sniffing with TelosB the raw packets Andrei Costin ACM WiSec'14 18

  19. Attack Summary  Sniffing with the SNAP device/decoder Andrei Costin ACM WiSec'14 19

  20. Attack Summary  Replay/Inject | Fake Remote Control Andrei Costin ACM WiSec'14 20

  21. Disclosure Process  We took vulnerabilities very seriously  Responsible disclosure  Contacted the vendor  Coordinated the content and paper release  Vendor  Confirmed the issues  Had security improvements being deployed  Many of the issues now fixed  Shipping updates and communicates to customers Andrei Costin ACM WiSec'14 21

  22. Agenda  Introduction  What are the wireless firing systems ?  Methodology  Firmware analysis  System analysis  Attack development  Results  Attacks summary  Disclosure process  Future Work and Conclusions Andrei Costin ACM WiSec'14 22

  23. Future Work  Solutions for this kind of devices exist  Secure firmware upgrades  Authenticated communications  Secure restore and debug chains  Practical key distribution  Latency control, secure positioning?  How to get those actually used?  Vendor communicates to regulators/industry groups  We contacted certification bodies Andrei Costin ACM WiSec'14 23

  24. Conclusions  Firmware analysis gets better and faster  Large-scale automated analysis => great results!  Wireless security is an issue in many products  Even for life critical systems  Vulnerable to basic attacks!  Firing systems' security must be taken seriously  Solution probably involves certification, regulation Andrei Costin ACM WiSec'14 24

  25. Thank You! Questions/Concerns? andrei.costin@eurecom.fr aurelien.francillon@eurecom.fr Andrei Costin ACM WiSec'14 25

  26. References  [1] A. Costin, J. Zaddach, A. Francillon, D. Balzarotti, ”A Large-Scale Analysis of the Security of Embedded Firmwares” , In Proceedings of the 23 rd USENIX Conference on Security (to appear)  [2] A. Costin, J. Zaddach, ”Poster: Firmware.RE: Firmware Unpacking and Analysis as a Service” , In Proceedings of the ACM Conference on Security and Privacy in Wireless Mobile Networks (WiSec) '14 Andrei Costin ACM WiSec'14 26

  27. Backup Slides Andrei Costin ACM WiSec'14 27

  28. Future Work  Implement some other attacks  Main MCU firmware upgrade via 802.15.4 (remote)  UART-based exploitation (local) Andrei Costin ACM WiSec'14 28

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

TEACHING MATHEMATICS AND PHYSICS BY DESIGNING PYROTECHNIC DISPLAYS TEACHING MATHEMATICS

TEACHING MATHEMATICS AND PHYSICS BY DESIGNING PYROTECHNIC DISPLAYS TEACHING MATHEMATICS

Susan Hunt Alberto Navarro Infinity Visions Inc TEACHING MATHEMATICS AND PHYSICS BY DESIGNING PYROTECHNIC DISPLAYS TEACHING MATHEMATICS AND PHYSICS BY DESIGNING PYROTECHNIC DISPLAYS Pilot Project Research at Anacortes Middle

467 views • 29 slides
D OES THIS L OOK F AMILIAR ?? K ATY P ERRY - FIREWORKS Fireworks video with lyrics Ignite

D OES THIS L OOK F AMILIAR ?? K ATY P ERRY - FIREWORKS Fireworks video with lyrics Ignite

D OES THIS L OOK F AMILIAR ?? K ATY P ERRY - FIREWORKS Fireworks video with lyrics Ignite the light let it shine Show em what youre worth Let your colours burst Always been inside of you time to let it through

473 views • 33 slides
O the explosion, another type of sparks are generated based cations, ranging from the academic

O the explosion, another type of sparks are generated based cations, ranging from the academic

Dynamic Search in Fireworks Algorithm Shaoqiu Zheng, Andreas Janecek, Junzhi Li and Ying Tan of real fireworks exploding and illuminating the night sky. Abstract We propose an improved version of the recently developed Enhanced Fireworks

569 views • 8 slides
XBee Positioning System with Embedded Haptic Feedback for Dangerous O ff shore Operations: a

XBee Positioning System with Embedded Haptic Feedback for Dangerous O ff shore Operations: a

Introduction Trilateration method and system architecture Experimental results, conclusion and future work XBee Positioning System with Embedded Haptic Feedback for Dangerous O ff shore Operations: a Preliminary Study F. Sanfilippo 1 and K. Y.

606 views • 16 slides
Fireworks Displays on San Diego Bay Jim Hutzelman Ports Marketing & Communications

Fireworks Displays on San Diego Bay Jim Hutzelman Ports Marketing & Communications

Fireworks Displays on San Diego Bay Jim Hutzelman Ports Marketing & Communications Department Eileen Maher Environmental & Land Use Management 1 Background Fireworks Add excitement to waterfront events Make San Diego Bay a

364 views • 9 slides
PA 256 of 2011 Details of PA 256 Michigan Fireworks Emergency Rules Established Safety

PA 256 of 2011 Details of PA 256 Michigan Fireworks Emergency Rules Established Safety

03/28/2012 We will discuss Documents to be familiar with Definitions of the types of fireworks PA 256 of 2011 Details of PA 256 Michigan Fireworks Emergency Rules Established Safety Act APA Standard 87-1 NFPA 1124 What

741 views • 10 slides
Canada Day Fireworks Show Christie Rosta, Events & Festival Manager Regular Meeting of

Canada Day Fireworks Show Christie Rosta, Events & Festival Manager Regular Meeting of

Canada Day Fireworks Show Christie Rosta, Events & Festival Manager Regular Meeting of Council July 22, 2019 Doc # 3923491 Canada Day Fireworks Show Enhance the Districts Canada Day Celebration Hosted off Dundarave Beach for

221 views • 6 slides
In collaboration with A. Cheng, G. Petropoulos and D. Schaich ArXiv:1111:2317,1207.7162,1207.7164

In collaboration with A. Cheng, G. Petropoulos and D. Schaich ArXiv:1111:2317,1207.7162,1207.7164

In collaboration with A. Cheng, G. Petropoulos and D. Schaich ArXiv:1111:2317,1207.7162,1207.7164 4 th of July Independence Day Fireworks 4 th of July Fireworks, 2012 4 th of July Fireworks, 2012 Discovery of a Higgs-like state at 125GeV 4 th

1.08k views • 46 slides
Real-time risk definition in the transport of dangerous goods by road dangerous goods by road

Real-time risk definition in the transport of dangerous goods by road dangerous goods by road

Real-time risk definition in the transport of dangerous goods by road dangerous goods by road Chi Chiara Bersani, Claudio Roncoli B i Cl di R li University of Genova, Department of Communication, Computer and System Science DIST 16145

685 views • 39 slides
Embedded PC The modular Industrial PC for mid-range control Embedded PC 1 Embedded OS

Embedded PC The modular Industrial PC for mid-range control Embedded PC 1 Embedded OS

Embedded PC The modular Industrial PC for mid-range control Embedded PC 1 Embedded OS Operating Systems Major differences Details XPE / CE Embedded PC 2 The Windows Embedded OS family The modular, real The modular, real- -time

611 views • 22 slides
Do we understand how stellar winds change stellar fireworks? Mathieu Renzo PhD @ API

Do we understand how stellar winds change stellar fireworks? Mathieu Renzo PhD @ API

NAC 24.05.2016 Do we understand how stellar winds change stellar fireworks? Mathieu Renzo PhD @ API Collaborators: S. E. de Mink, C. D. Ott, S. N. Shore, E. Zapartas, Y. G otberg, C. Neijssel 1 / 16 Outline Importance of Massive

779 views • 40 slides
Automated Web Service Composition in Practice: from Composition Requirements Specification to

Automated Web Service Composition in Practice: from Composition Requirements Specification to

Outline Automated Web Service Composition The Amazon-MPS Case study Conclusions and Future Works Automated Web Service Composition in Practice: from Composition Requirements Specification to Process Run. Annapaola Marconi , Marco Pistore and

730 views • 59 slides
Framework for Metric Composition + Spatial Composition of Spatial Composition of Metrics Al

Framework for Metric Composition + Spatial Composition of Spatial Composition of Metrics Al

Framework for Metric Composition + Spatial Composition of Spatial Composition of Metrics Al Morton + many others M March, 2008 h 2008 draft-ietf-ippm-framework-compagg-06.txt Overall Framework (includes common concepts and concepts and

257 views • 9 slides
Using Fireworks : Viewing CRAFT and MC Events Christopher Jones, Lothar Bauerdick FNAL

Using Fireworks : Viewing CRAFT and MC Events Christopher Jones, Lothar Bauerdick FNAL

Using Fireworks : Viewing CRAFT and MC Events Christopher Jones, Lothar Bauerdick FNAL Bertrand Bellenot , Alja Mrak-Tadel, Matevz Tadel CERN Dmytro Kovalskyi UCSB Johannes Muelmenstaedt, Avi Yagil UCSD 1 Why View Data? Help form an

557 views • 13 slides
Hiding Stars with Fireworks: Location Privacy through Camouflage Based on paper written by Joseph

Hiding Stars with Fireworks: Location Privacy through Camouflage Based on paper written by Joseph

Hiding Stars with Fireworks: Location Privacy through Camouflage Based on paper written by Joseph T. Meyerowitz and Romit Roy Choudhury Presentation by Ra Chojnacka Faculty of Mathematics, Informatics and Mechanics University of Warsaw

730 views • 46 slides
SPONSORSHIP SPONSORSHIP OPPORTUNITIES OPPORTUNITIES Fact Sheet: Date: July 4, 2009 Location:

SPONSORSHIP SPONSORSHIP OPPORTUNITIES OPPORTUNITIES Fact Sheet: Date: July 4, 2009 Location:

th Annual Ventura 4 th of July 16 16 th Annual Ventura 4 th of July Fireworks Show 2009 Fireworks Show 2009 Presented by Presented by Rot Rotary C ry Club o ub of V Ventur ntura & a & V Vent ntur ura Col a College Foundat

128 views • 9 slides
Zentyal Linux small business server Julien Kerihuel Zentyal CTO 2013 [

Zentyal Linux small business server Julien Kerihuel Zentyal CTO 2013 [

Zentyal Linux small business server Julien Kerihuel Zentyal CTO 2013 [ jkerihuel@zentyal.com ] What is Zentyal? 2 of 26 Linux small business server www.zentyal.com 5/22/13 What is Zentyal? Linux server for SMBs Full-featured

369 views • 26 slides
Unveiling the Hidden Dangers of Public IP in 4G/LTE Networks Wai Kay Leong , Aditya Kulkarni, Yin

Unveiling the Hidden Dangers of Public IP in 4G/LTE Networks Wai Kay Leong , Aditya Kulkarni, Yin

Unveiling the Hidden Dangers of Public IP in 4G/LTE Networks Wai Kay Leong , Aditya Kulkarni, Yin Xu, Ben Leong Mobile Internet is Hot ot 2 Public IP Whats the deal? Subscribers want Public IP 3 M2M M2M Machine to Machine

555 views • 26 slides
AFS Server Performance Comparisons Bo Tretta Kim Kimball Jet Propulsion Laboratory Information

AFS Server Performance Comparisons Bo Tretta Kim Kimball Jet Propulsion Laboratory Information

AFS Server Performance Comparisons Bo Tretta Kim Kimball Jet Propulsion Laboratory Information Services - FIL Service http://fil.jpl.nasa.gov SLAC AFS Best Practices Workshop March 24, 2004 JPLIS-FIL Server Performance Comparisons 1 n

701 views • 21 slides
whoami Alec Stuart Muirk Network Security Architect Firewall Engineer Ruxcon

whoami Alec Stuart Muirk Network Security Architect Firewall Engineer Ruxcon

whoami Alec Stuart Muirk Network Security Architect Firewall Engineer Ruxcon attendee Security hobbist alec.stuart@gmail.com DISCLAIMER This research is not related to my job or current employer. This is purely an exercise

1.66k views • 111 slides
Picking II, Collision and Accelleration Week 10, Fri Mar 23

Picking II, Collision and Accelleration Week 10, Fri Mar 23

University of British Columbia CPSC 314 Computer Graphics Jan-Apr 2007 Tamara Munzner Picking II, Collision and Accelleration Week 10, Fri Mar 23 http://www.ugrad.cs.ubc.ca/~cs314/Vjan2007 News showing up for your project grading slot is

551 views • 44 slides
Strongly Coupled Gauge Strongly Coupled Gauge Theories and Strings Theories and Strings Igor

Strongly Coupled Gauge Strongly Coupled Gauge Theories and Strings Theories and Strings Igor

Strongly Coupled Gauge Strongly Coupled Gauge Theories and Strings Theories and Strings Igor Klebanov Igor Klebanov Department of Physics Department of Physics Princeton University Princeton University Talk at the Galileo Galilei Galilei

882 views • 39 slides
A Novel Heterogeneous Algorithm for Multiplying Scale-Free Sparse Matrices Kiran Raj Ramamoorthy,

A Novel Heterogeneous Algorithm for Multiplying Scale-Free Sparse Matrices Kiran Raj Ramamoorthy,

A Novel Heterogeneous Algorithm for Multiplying Scale-Free Sparse Matrices Kiran Raj Ramamoorthy, Dip Sankar Banerjee, Kannan Srinathan and Kishore Kothapalli. C-STAR, IIIT Hyderabad. Outline Inspiration :: Heterogeneous Platform &

845 views • 72 slides
New MiniBooNE MiniBooNE Results Results New Zelimir Djurcic Zelimir Djurcic Physics

New MiniBooNE MiniBooNE Results Results New Zelimir Djurcic Zelimir Djurcic Physics

New MiniBooNE MiniBooNE Results Results New Zelimir Djurcic Zelimir Djurcic Physics Department Physics Department Columbia University Columbia University Outline Outline MiniBooNE MiniBooNE Motivation and Description Motivation and

906 views • 36 slides

More recommend