Pumpcon 2012 Review – Blueray Hacking and BacNet

Posted: October 30, 2012 in Threats
Tags:

PumpCon

My first time at Pumpcon and it was quiet educational and fun.  Nothing like being with a small group of smart people drinking and talking about computers.  Considering this is an invite only group I have to thank the speaker that allowed me to come along.  Overall there were two talks that really got my attention.  These were from the two Brads.  There was another presentation also by Travis Goodspeed.

The First Brad

This was an entertaining and informative talk on Blueray hacking.  It appears most new Samsung devices all use the same underlying OS.  This includes the TVs.  Brad went into good detail about how he soldered wires to the different debug connectors on the board to monitor the electricity with a volt meter and logic analyzer.  He took us through his epic adventure of being denied console access through just about every approach.  Eventually all this research had lead him to an approach where he was able to setup a telnet listener and obtain console root access to the device.   I’m sure there will be a blog with more detail on this eventually at Open Security Research.  For now one of the biggest nuggets of information he supplied was to check out SamyGo before doing any Samsung hacking.

http://www.samygo.tv/

 The Second Brad

The BacNet Attack Framework talk was interesting.  This typically goes a little outside of the realm of this blogs core topic of information security, but it’s very important because of the significance around ICS and SCADA equipment.  Brad went through some discussions about BackNet listening and suggested a good portion of the items he is studying all talk on UDP.  Based on my understanding it appears many of the items he is discussing really could be mitigated with unidirectional firewalls or other known protection mechanisms. 

 What Else?

The rest of the Con was spent with drinking and talking about sexual harassment images in presentations.  It was in regards to whether or not certain images should be shown at conferences now since there are more and more women attending.  I think eventually the best response to this was “let’s just end this discussion and talk about computer shit”.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s