Click to return home

Site Map  |  Privacy Policy  |  Advisories

About Us

Services

News

Resources

Contact

 
greybar

Speaker Alert
greybar
 
PRESENTER: Eireann Leverett, Senior Security Consultant for IOActive
PRESENTATION: Vulnerability Inheritance in Programmable Logic Controllers
CONFERENCE: GreHack 2013
LOCATION: Amphi Vaujany Grenoble, France
DATE & TIME: Friday November 15, 2013 at 12:35pm
INFO: http://grehack.org/en/

Eireann Leverett will deliver an academic paper that illustrates how over 200 types of PLCs and EWSs share a common runtime library. This commonality makes them susceptible to authentication bypass vulnerabilities discovered by Reid Wightman, Senior Security Consultant at IOActive, over a year ago. Using this flaw, an unauthenticated attacker could upload ladder logic to the PLCs or halt programs that were running. Eireann and Reid scanned the Internet to see just how many are vulnerable, and then shared the data with 30 countries. The paper Eireann is presenting provides a detailed description of the problem, and the number and distribution of vulnerable devices they found exposed to the internet a year after the vulnerability was announced.

About Eireann Leverett
Eireann Leverett is a Senior Security Consultant at IOActive where he focuses on Smart Grid and SCADA systems. He studied artificial intelligence (AI) and software engineering at Edinburgh University and went on to get his Masters in Advanced Computer Science at Cambridge. He studied under Frank Stajano and Jon Crowcroft in the Cambridge computer security group. He worked for GE Energy for five years as well as a six-month engagement with ABB in their corporate research department.

About GREhack
The 2nd International Symposium on Research in Grey-Hat Hacking - aka GreHack - will be held in Grenoble, France on November 15, 2013. It will gather researchers and practitioners from academia, industry, and government to discuss new advances in research related to any area of computer and information security.

About IOActive
IOActive is a comprehensive, high-end information security services firm with a long and established pedigree in delivering elite security services to its customers. Our world-renowned consulting and research teams deliver a portfolio of specialist security services ranging from penetration testing and application code assessment through to semiconductor reverse engineering. Global 500 companies across every industry continue to trust IOActive with their most critical and sensitive security issues. Founded in 1998, IOActive is headquartered in Seattle, USA, with global operations through the Americas, EMEA and Asia Pac regions. Visit www.ioactive.com for more information.

-###-

Press contact:
Craig Brophy
Global PR Manager, IOActive, Inc.
E: PR@ioactive.com
T: +44 203 287 3421




 
greybar

More Information


Need more information?
Contact IOActive today.



IOActive Profile:
Established: 1998
Headquarters: Seattle, WA and London, UK
Privately held and self-funded
 
IOActive Services:
Application Security, SCADA and Smart Grid, PCI and Compliance, Security Development Lifecycle, Infrastructure Audit, Incident Response and Training.
 
Customers:
Global 500 companies including power and utility, game, hardware, retail, financial, media, travel, aerospace, healthcare, high-tech, social networking, and software development organizations.