IOActive Turns Las Vegas into a Smart City during Black Hat and DEF CON

Company to showcase series of research centered on math, physics, advanced technology, and SCADA

July 29, 2015

8 Min Read


Seattle, USA — July 29, 2015 – IOActive, Inc., the worldwide leader in research-driven security services, today announced it is lighting up Las Vegas with thirteen groundbreaking presentations at the annual Black Hat and DEF CON security conferences. 

IOActive will showcase a series of talks and activities centered on math, physics, advanced technology, and SCADA. These talks follow the call to action it issued earlier this year for Smart Cities to take a more active role in protecting citizens. The company will also present demos to show how silicon chip hacking is critical to protecting the future of Smart Cities. 

In addition to the sessions at Black Hat, IOActive will host a cocktail reception at the House of Blues in Mandalay Bay on Wednesday, August 5, featuring DJ Alan Alvarez hitting the decks and violin.

On Friday, August 7, the company will host its annual IOAsis sanctuary at Bally’s during DEF CON. The IOAsis provides a unique opportunity for in-depth discussions with IOActive’s top researchers and hands-on demos of upcoming IOActive Labs research.

Finally, after a two-year hiatus, IOActive is bringing back its renowned DEF CON party in the form of FreakFest 2015 on Saturday, August 8, at Bally’s Blu Pool.

 Overview of Briefings at Black Hat and DEF CON:

·    Remote Exploitation of an Unaltered Passenger Vehicle

By Chris Valasek, director of vehicle security research for IOActive, and Charlie Miller, security engineer for Twitter

Black Hat: August 5, 2015 at 15:00

DEF CON:   August 8, 2015 at 14:00

Although the topic of automotive hacking is often discussed, the details of successful attacks, if ever made public, are non-comprehensive at best. In this talk, Chris and Charlie will reveal the reality of car hacking by demonstrating exactly how a remote attack works against an unaltered, factory vehicle. 

·    Switches get Stitches

By Colin Cassidy, security consultant for IOActive, Eireann Leverett, and Robert Lee 

Black Hat: August 5, 2015 at 15:00

DEF CON:   August 8, 2015 at 16:00

 This talk will introduce Industrial Ethernet Switches and their vulnerabilities. These are switches used in industrial environments, like substations, factories, refineries, ports, or other homes of industrial automation. In other words, DCS, PCS, ICS & SCADA switches. 

Not only will vulnerabilities be disclosed for the first time, but the methods of finding those vulnerabilities will be shared. The researchers will also be providing live mitigations that owner/operators can use immediately to protect themselves. 

·    Remote Physical Damage 101 – Bread and Butter Attacks 

By Jason Larsen, principal security consultant for IOActive 

Black Hat: August 6, 2015 at 09:00

It is possible to physically damage equipment through purely cyber means. Most of the time the attacker takes advantage of something specific to the CyberPhysical System (CPS) being targeted. As an example, mixing in a cleaning agent during a production cycle can cause an unwanted chemical reaction. Attacking software has been described as "unexpected computation." Attacking a process is all about "unexpected physics." In this talk, Larsen will demonstrate various forms of physical attacks to help stimulate discussion on how an attack can be mitigated after code execution is already achieved.

·    Rocking the Pocket Book: Hacking Chemical Plant for Competition and Extortion

By Jason Larsen, principal security consultant for IOActive, and Marina Krotofil, senior security consultant, European Network for Cyber Security

DEF CON:   August 7, 2015 at 18:00

 This session should be considered a master class on complex physical hacking. The presentation will simulate a plant for vinyl acetate production and demonstrate a complete attack, from start to end, directed at persistent economic damage to a production site, while avoiding attribution of production loss to a cyber-event. Such an attack scenario could be useful to a manufacturer aiming at putting competitors out of business or as a strong argument in an extortion attack. Exploiting physical processes is an exotic and hard-to-master skill with a high barrier to entry. To help the community master new skills, Larsen and Krotofil will explain the “Damn Vulnerable Chemical Process,” the first open source framework for cyber-physical experimentation based on two realistic models of chemical plants. 

·    Subverting Satellite Receivers for Botnet and Profit 

By Sofiane Talmat, senior security consultant for IOActive 

Black Hat: August 5, 2015 at 17:30

New generation Set Top Boxes (satellite receivers) are embedded Linux boxes offering all the features of any Linux-based machine, including wireless and network connectivity. This has allowed hackers to crack most satellite DVB-CA encryption schemes promoting the apparition of a parallel black market for pay TV subscription at very low cost. Talmat will present a practical attack that exploits human weakness, satellite receiver design, protocols, and subscription mechanisms. He will also describe a similar attack that was conducted some years ago using a backdoor within a CCCAM protocol provider.

·    Abusing XSLT for Practical Attacks 

By Fernando Arnaboldi, senior security researcher for IOActive

Black Hat: August 6, 2015 at 15:50

DEF CON:   August 8, 2015 at 14:00

Over the years, Extensible Markup Language (XML) has been a rich target for attackers due to flaws in its design as well as implementations. It is a tempting target because it is used by other programming languages to interconnect applications and is supported by web browsers. This talk will demonstrate how to use XSLT to produce documents that are vulnerable to new exploits. This presentation includes proof-of-concept attacks demonstrating XSLT’s potential to affect production systems, along with recommendations for safe development.

·    Beyond the Scan: The Value Proposition of Vulnerability Assessment

By Damon Small, managing consultant for IOActive

DEF CON:   August 6, 2015 at 14:00

 Vulnerability assessment is regarded by some as one of the least ‘sexy’ capabilities in information security. However, it is a key component of any successful infosec program, and is often overlooked. In this talk, Small will explore how vulnerability assessments can be leveraged ‘Beyond the Scan’ and provide tangible value to not only the security team, but the entire business that it supports. 

Overview of Village Talks at DEF CON:

·    Brain Waves Surfing - (In)security in EEG (Electroencephalography) Technologies

By Alejandro Hernandez, senior security consultant for IOActive

DEF CON:   August 8, 2015 at 19:00, Bio Hacking Village

Electroencephalography (EEG) is a non-invasive method used to record and study electrical activity of the brain taken from the scalp. The source of these brain signals is mostly the synaptic activity between brain cells (neurons). EEG activity is represented by different waveforms per second (frequencies) and can be used to diagnose or monitor health conditions such as epilepsy, sleeping disorders, seizures, and Alzheimer disease. Brain signals are also used for many other research and entertainment purposes, such as neurofeedback, arts, and neurogaming. Alejandro will provide a brief introduction of Brain-Computer Interfaces (BCIs) and EEG to help attendees to understand the risks involved in brain signal processing, storage, and transmission.

·    The Grid: A Multiplayer Game of Destruction 

By Kenneth Shaw, senior security consultant for IOActive 

DEF CON:   August 9, 2015 at 12:00, ICS Village

Kenneth introduced "The Grid: A Multiplayer Game of Destruction" this year, and now he will teach attendees how to play it! The game is composed of compromised portions of an electric grid, which players can control with the end goal of destroying parts of the electric grid system. It will require cooperation or cunning from players to bring it down. He will explain the details of how the game was created, how realistic the simulations are, and what a well-positioned attacker could hope to achieve. Additionally, Kenneth will discuss IOActive’s research in the area and demonstrate required compromised nodes for system failure, resonances, and more! 

·    Security and the New Generation of Set Top Boxes

By Sofiane Talmat, senior security consultant for IOActive 

DEF CON:   August 8, 2015 at 14:00, IoT Village

New generation Set Top Boxes (satellite receivers) are embedded Linux boxes that have joined the IoT primarily for Internet Protocol Television (IPTV) and cardsharing for pay TV channel decryption. Sofiane will talk about design flaws, protocols, modules, and plugins for cardsharing and IPTV. He will focus on the technical aspects of reverse engineering protocols, cardsharing plugins, and satellite receiver software, identifying vulnerabilities in the satellite receiver box and remote IPTV service accessible by the DVB receiver.

For more information on sessions and events, and to RSVP for any IOActive activities, please visit:

About IOActive

IOActive is the industry’s only research-driven, high-end information security services firm with a proven history of better securing our customers through real-world scenarios created by our security experts. Our world-renowned consulting and research teams deliver a portfolio of specialist security services ranging from penetration testing and application code assessment to chip reverse engineering across multiple industries. IOActive is the only security services firm that has a dedicated practice focusing on Smart Cities and the transportation and technology that connects them. Global 500 companies across every industry continue to trust IOActive with their most critical and sensitive security issues. Founded in 1998, IOActive is headquartered in Seattle, US, with global operations through the Americas, EMEA, and Asia Pac regions.  Visit for more information. Read the IOActive Labs Research Blog: Follow IOActive on Twitter:

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights