A live demonstration shows how a burglar with IT security knowledge can break into an apartment equipped with a RING camera. It shows how a deauthentication attack can be carried out with a WiFi connection to disable the camera's data transmission, without the intruders themselves having to be connected to the apartment's WiFi.
Today's industry, also known as Industry 4.0 ("Industry X"), has to add digital capabilities to its deep engineering and manufacturing expertise. The presentation focuses on the cyber security challenges that emerge in this process, especially for industrials. We will showcase what questions cyber security poses to companies operating in the IoT/OT area, and show the limitations of current methodologies.
Roland Supper is Group Chief Security Officer (CSO) of Erste Group Bank AG and reports directly to the Holding board. In his group function he is responsible for the areas Business Continuity & Crisis Management, (Cyber)Physical Security and Cyber Information Security. A heterogeneous systems landscape, highly sensitive data and different cultures across the operating countries of Erste demand a strong governance concept and certain leadership skills to ensure the confidentiality, integrity and availability of our customers' data.
_sorry, due to technical difficulties, the first few minutes are missing_
Modern cars and tractors are not only bare metal, a motor and wheels, but a complex system controlled by software within electronic control units (ECUs). Safety and usability play a big role in the development of those systems. Since those devices have to be adapted to more than one car type and in the field, and have to be operational for several decades, robustness and flexibility are important: the car should work in harsh environments, the car repair shop should be able to troubleshoot the car, and the original equipment manufacturer (OEM) needs to be able to adapt and update the software.
The ECUs are connected via common communication protocols and offer several interfaces to other ECUs, diagnostics systems or troubleshooters. Security is also a concern, but with a focus on threat scenarios that may not be obvious to the end users. Since the ECUs contain intellectual property and sensitive information and should not be tampered with, the developers implemented security features and use cryptographic protocols. But are those measures and protocols state of the art, and can they withstand attacks even several years after manufacture?
This demonstration shows the implementation of security features in the diagnostics protocols of automotive electronic control units. It shows on real devices how a security tester approaches the analysis and how the devices defend against attacks.
Driven by the demand for cryptographic protection in resource-constrained devices, NIST held a lightweight cryptography competition between 2019 and 2023. Among 57 submissions, the Austrian algorithm Ascon has been selected as the new standard for authenticated encryption and hashing. In this talk, we present the design of Ascon and its advantages compared to other standards, which include security, performance, and footprint. In particular, since ciphers are not used in an ideal world, we show how Ascon’s authenticated encryption also provides robustness against certain implementation attacks and mistakes.
Embedded systems are an essential part of a variety of products, such as IoT gadgets, medical devices, or cars, and have become an integral part of everyday life. In some cases, these systems also play security-critical roles, and their proper functioning – and thus also their protection against cyber attacks – should be ensured. However, due to the high degree of specialization of such embedded systems, in some cases no standardized security measures are implemented, only individual solutions that often contain unnoticed security gaps. In this presentation, examples of vulnerabilities that occur in the context of embedded systems will be highlighted and approaches to avoiding them will be presented.
Why do our cyber security tips seem to leave a less lasting impression than so many other advertisements, TikToks, and products? Many have probably asked themselves this (or a similar) question before. In this talk we discuss how Erste Bank came across this specific question, and which paths and professional collaborations we have already found and still want to explore in order to tackle this challenge.
Due to ChatGPT, OpenAI’s release of the new interface for its Large Language Model (LLM), there has been an explosion of interest in General AI in the media and on social networks over the last few months. This model is used in many applications all over the web and has been praised for its ability to generate well-written code and aid the development process. However, this new technology also brings risks. For instance, lowering the bar for code generation can help less-skilled threat actors effortlessly launch cyber-attacks. In this presentation we want to demonstrate:
- How artificial intelligence (AI) models can be used to create a full infection flow, from spear-phishing to running a reverse shell
- How researchers created an additional backdoor that dynamically runs scripts that the AI generates on the fly
- Examples of the positive impact of OpenAI on the defenders' side and how it can help researchers in their day-to-day work
All companies are increasingly confronted with the topic of cyber security. The shortage of both personnel and expertise makes it considerably harder for them to defend themselves adequately. This raises the question of how companies can be supported in implementing security measures, including through frameworks such as MITRE ATT&CK.
Join us for an exciting panel discussion on Usable Security featuring top experts, including Bruce Schneier and Katharina Krombholz. Together with other distinguished scholars and practitioners, they will share their latest research findings and experiences in the field.
The discussion will focus on the challenges of designing security solutions that are not only secure but also user-friendly. The panelists will explore the latest trends and developments in the field and discuss the role of human behavior and psychological factors in designing user-friendly security solutions.
This interactive session will provide ample opportunity for participants to engage with the experts, ask questions, and gain valuable insights into the future of Usable Security. Don't miss out on this exciting opportunity to learn from the best and be a part of shaping the future of security.
Participants: Bruce Schneier, Katharina Krombholz, Mathias Tausig, Silvie Schmidt and Nenad Milanovic
Hosted by Manuel Koschuch