Camp 2011 - Version 1.4

Chaos Communication Camp 2011
Project Flow Control

Day Day 4 - 2011-08-13
Room Baikonur
Start time 21:00
Duration 01:00
ID 4439
Event type Lecture
Track Hacking
Language used for presentation English

Machine-to-machine (M2M) security

When physical security depends on IT security

Today, more and more real-world things and machines are equipped with some kind of connection back home to the vendor. Such machine-to-machine (M2M) communication is often poorly secured and some day, the shit will hit the fan!

Due to the wide availability of broadband internet and mobile communication, the number of embedded systems that come with a network connection is constantly increasing. These devices are ubiquitous and used in a wide range of applications: smart grid, building management, surveillance, traffic control and individual vehicles.

Those embedded devices are often poorly secured, if at all. But things get a lot worse: Vendors often don't take into account, that a device might get compromised, thus giving the attacker access to their network.

This talk will give an overview over general machine-to-machine (M2M) communications and corresponding attack scenarios. In addition to wired systems, wireless systems will be considered. Of the latter, GSM based systems are the most interesting. Several ways to attack an embedded device, extract secret data and gain network access will be shown.

Finally, some good and bad attempts to enhance the security of M2M systems will be presented.