August 10, 2019 1:00 PM
This talk features a real-life attack scenario leveraging the vulnerability presented in our main talk at DEFCON 27, “HVACking: Understand the Difference Between Security and Reality!” Technology has transformed our lives in such a way that we often take for granted the automation responsible for everyday tasks. When you walk into your office and scan your badge, the doors open automatically. During your hospital stay, air pressure is carefully regulated to make sure contaminants stay out or in. In schools and businesses, HVAC systems are managed autonomously to ensure you stay comfortable. Building controllers, a type of industrial control system, are behind these seemingly simple tasks. Like most modern devices, building controllers have become increasingly network and internet-connected, exposing them to a wider range of threats. If malicious actors could take control of access control systems, jeopardize the positive pressure in an operating room, or compromise temperature controls for critical industrial applications, the potential for catastrophic damage is immense. McAfee Advanced Threat Research (ATR) has discovered a 0-day vulnerability in a well known building controller. This is a fully programmable native BACnet™ building controller designed to manage a wide range of HVAC and access control systems. To demonstrate the impact of this attack, ATR has built a simulated datacenter with a fully functioning HVAC system. This talk will demonstrate hacking and controlling this demo unit in real time, along with a discussion of the impact an attack like this can have in the real world.
Douglas McKee is a Sr. Security Researcher for the McAfee ATR team, focused on finding new vulnerabilities in both software and hardware. Douglas has an extensive background in vulnerability research, penetration testing, reverse engineering, and forensics.
Mark Bereza (@ROPsicle) is a security researcher and new addition to McAfee's Advanced Threat Research team. A recent alumnus of Oregon State's CS systems program, Mark's work has focused primarily on vulnerability discovery and exploit development for embedded systems.