
Need an account to vote? Register to attend at gsec.hitb.org/sg2017/


Hacking Robots Before Skynet

Lucas Apa

This paper has been accepted.

Robots are going mainstream. In the very near future, robots will be everywhere: on military missions, performing surgery, building skyscrapers, assisting customers at stores, as healthcare attendants, as business assistants, as sex partners, cooking in homes, and interacting with our families.

While robot ecosystems grow and their technology starts disrupting our society and economy, we found they are very insecure and could pose a huge threat to people, animals, and organizations. Striking robot features can be abused by hackers to damage property or company finances, or to cause unexpected consequences where human life could be endangered. Because robots are computers with arms and legs/wheels, the threats increase tenfold in scenarios never considered before.

We discovered critical vulnerabilities in several home, business, and industrial robots from well-known vendors. Now it is time to reveal all the vulnerability details, the threats, and how hackers can compromise different robot ecosystem components with practical attacks. Live demos will showcase different exploitation scenarios that involve cyber espionage, harmful insider threats, property damage and more.

Through practical and realistic scenarios we will unveil how insecure current world robot technology can be and why hacked robots could be more dangerous than other vulnerable technologies. The goal is to make robots more secure and prevent vulnerabilities from being exploited by attackers to cause serious harm to businesses, consumers, and their surroundings.

About Lucas Apa

Lucas Apa is an information security expert and entrepreneur. He currently provides comprehensive security services with the cutting-edge firm IOActive, both onsite and remotely, for most of the Global 500 companies and organizations.

Lucas’ security research and ideas have been presented at world-renowned security conferences including Black Hat USA, PacSec Japan, Black Hat Europe, Ekoparty, AppSec USA, SecTor and EnergySec. His technical work and opinions have been featured in media outlets such as The New York Times, Reuters, The Wall Street Journal, Forbes, CNN, CNBC, Financial Times, FOX, VICE and many more. He is currently based in Argentina and advises regularly with local media as a commentator and security analyst.

About Cesar Cerrudo

Professional hacker and entrepreneur.

Cesar Cerrudo is Chief Technology Officer for IOActive Labs, where he leads the team in producing ongoing, cutting-edge research in areas including Industrial Control Systems/SCADA, Smart Cities, the Internet of Things, Robots and software and mobile device security. Cesar is a world-renowned security researcher and specialist in application security.

Throughout his career, Cesar is credited with discovering and helping to eliminate dozens of vulnerabilities in leading applications including Microsoft SQL Server, Oracle database server, IBM DB2, Microsoft Windows, Yahoo! Messenger, and Twitter, to name a few. He has a record of finding more than 50 vulnerabilities in Microsoft products including 20 in Microsoft Windows operating systems. Based on his unique research, Cesar has authored white papers on database and application security as well as attacks and exploitation techniques. He has presented at a variety of company events and conferences around the world including Microsoft, Black Hat, Bellua, CanSecWest, EuSecWest, WebSec, HITB, Microsoft BlueHat, EkoParty, FRHACK, H2HC, Infiltrate, 8.8, Hackito Ergo Sum, NcN, Segurinfo, RSA, and DEF CON.

He recently started Securing Smart Cities (http://www.securingsmartcities.org), a non-profit initiative to make cities around the world safer.

Cesar collaborates with and is regularly quoted in print and online publications. His research has been covered by Wired, Bloomberg Businessweek, TIME, The Guardian, CNN, NBC, BBC, Fox News, The New York Times, New Scientist, Washington Post, Financial Times, The Wall Street Journal, and so on.