Miniaturization – Shrinking a SCADA process control attack to fit into a sensor

Jason Larsen

Thu, 6th November 2014

Speaker Bio 1:
Jason Larsen
Jason Larsen is a Principal Security Consultant at IOActive. Having spent the last decade working in critical infrastructure, he can definitely say he was hacking SCADA systems before it was cool. Jason works in the technical aspects of hacking critical infrastructure and lives in the bits and bytes of control systems. His specialty is remote physical damage.

Prior to returning to IOActive, Jason worked for the Idaho National Labs where he performed security assessments of the software that runs the critical infrastructure. Over his tenure there he did full reverse engineering of most of the major power control systems vendors. In addition to laboratory tests he has performed live penetrations of power grids in multiple countries resulting in control of electric power for short periods of time. Other sectors include chemical manufacturing, pharmaceuticals, petroleum, and water.

Before his career in SCADA security Mr. Larsen bounced between a number of other fields. Some of the random jobs of note include modeling neutron beams for use in treating brain tumors, writing software to analyze nerve impulses, serving as the analyst of last resort for critical infrastructure malware, and two years on the Windows 7 penetration testing team.

Learning Objectives:

Jason will explain:

  • A brief overview of process control
  • How sensors are wired and how they communicate
  • How “runs analysis” can be used to spoof the sensor noise floor
  • How “triangle approximation” can be used to detect events in the physical world
  • At a high level, how a rootkit can be merged into sensor firmware