Breaking the security of physical devices
by Mirko Zorz - Editor in Chief - Monday, 18 August 2014.
In this podcast recorded at Black Hat USA 2014, Silvio Cesare, Director of Anti-Malware Engineering at Qualys, discusses the security measures of a number of household devices and things.

His analysis involved not only mathematics and software defined radio, but the building of a button pushing robot to press the keyless entry to capture data sets that enable the mathematical analysis.

Software defined radio is not only used in the kelyess entry attack, but in simple eavesdropping attacks against 40mhz analog baby monitors. But that's an easy attack. A more concerning set of attacks are against home alarm systems. Practically all home alarm systems that had an RF remote to enable and disable the system were shown to used fixed codes. This meant that a replay attack could disable the alarm.

Silvio Cesare is a researcher, writer, and presenter in industry and academia. He holds a Doctorate from Deakin University in Australia. At Qualys he's developing next-generation malware protection based on his University research. He has a Bachelor of Information Technology and a Master of Informatics by research from CQUniversity where he was awarded with two academic prizes during his undergraduate degree, a University Postgraduate Research Award full scholarship during his Masters degree and an award for the highest achieving PhD student during his candidature.


MagSpoof: A device that spoofs credit cards, disables chip-and-PIN protection

The device can wirelessly spoof credit cards/magstripes, disable chip-and-PIN protection, and predict the credit card number and expiration date of Amex cards after they have reported stolen or lost.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Thu, Nov 26th