Today, more and more real-world things and machines are equipped with some kind of connection back home to the vendor. Such machine-to-machine (M2M) communication is often poorly secured and some day, the shit will hit the fan! Due to the wide availability of broadband internet and mobile communication, the number of embedded systems that come with a network connection is constantly increasing. These devices are ubiquitous and used in a wide range of applications: smart grid, building management, surveillance, traffic control and individual vehicles. Those embedded devices are often poorly secured, if at all. But things get a lot worse: Vendors often don't take into account, that a device might get compromised, thus giving the attacker access to their network. This talk will give an overview over general machine-to-machine (M2M) communications and corresponding attack scenarios. In addition to wired systems, wireless systems will be considered. Of the latter, GSM based systems are the most interesting. Several ways to attack an embedded device, extract secret data and gain network access will be shown. Finally, some good and bad attempts to enhance the security of M2M systems will be presented.
Secdocs is a project aimed to index high-quality IT security and hacking documents. These are fetched from multiple data sources: events, conferences and generally from interwebs.
Serving 8166 documents and 531.0 GB of hacking knowledge, indexed from 2419 authors from 163 security conferences.