Hacking US (and UK, Australia, France, etc.) traffic control systems
Probably many of us have seen that scene from "Live Free or Die Hard" (Die Hard 4) were the "terrorist hackers" manipulate traffic signals by just hitting Enter key or typing a few keys, I wanted to do that! so I started to look around and of course I couldn't get to do the same, that's too Hollywood style! but I got pretty close. I found some interesting devices used by traffic control systems on important cities such as Washington DC, Seattle, New York, San Francisco, Los Angeles, etc. and I could hack them :) I also found that these devices are also used in cities from UK, France, Australia, China, etc. making them even more interesting. This presentation will tell the whole story from how the devices were acquired, the research, on site testing demos (at Seattle, New York and Washington DC), vulnerabilities found and how they can be exploited, and finally some possible NSA style attacks (or should I say cyberwar style attacks?) Oh, I almost forgot, after this presentation anyone will be able to hack these devices and mess traffic control systems since there is no patch available (sorry didn't want to say 0day ;)) I hope that after this I still be allowed to enter (or leave?) the US.
As CTO for IOActive Labs, Cesar Cerrudo leads the team in producing ongoing, cutting-edge research. Cesar manages IOActive’s responsible disclosure process and is the main liaison between IOActive and CERT. Formerly the founder and CEO of Argeniss Consulting–which was acquired by IOActive–Cesar is a world-renowned security researcher and specialist in application security. Cesar is credited with discovering and helping to eliminate dozens of vulnerabilities in leading applications, including Microsoft SQL Server, Oracle database server, IBM DB2, Microsoft Windows, Yahoo! Messenger, and Twitter. He has a record of finding more than 50 vulnerabilities in Microsoft products and more than 20 in Microsoft Windows Operating Systems. Cesar has authored several white papers on database and application security as well as attacks and exploitation techniques based on his unique research. More recently he’s conducted research on the Internet of Things (IoT) and traffic control systems. He has been invited to present at a variety of companies and conferences, including Black Hat, Bellua, CanSecWest, EuSecWest, WebSec, HITB, Microsoft BlueHat, EkoParty, FRHACK, H2HC, Infiltrate, 8.8, Hackito Ergo Sum, NcN, and Defcon. Cesar collaborates with, and is regularly quoted in, print and online publications.