Skip Navigation
BlackBerry Blog

Hacking Exposed Live at RSA 2013

NEWS / 04.27.13 / Stuart McClure

As the founder of the Hacking Exposed series, I know what it takes to educate the defenders: kinetic learning – a.k.a. learning by doing. So again this year we’ve got some amazing stunts in store for the Hacking Exposed LIVE audience at RSA.

Kicking off the day on Wednesday at 8am PST in the Advanced Track, the Cylance team and I will be Exposing the world of embedded systems. This world exists silently all around us. To do this we will be demonstrating brand new ways to hack into Embedded systems including a Smart TV, a build management/industrial control system, and a physical lock box. Why a physical lock box? Because when all else fails, the bad guys go physical -– why shouldn't the protectors.

I’ve spent the better part of 15 years tirelessly demonstrating how Advanced hacks work, and literally wrote the book on advanced hacks with my first edition of Hacking Exposed. If you look at the back inside cover of that first edition (or any subsequent edition) you will find what people today call “Advanced” but how advanced can it truly be if we’ve known about these techniques for some 15 years? Not very. The only advanced part really is the prolific use of 0-day vulnerabilities in their payloads or techniques. And even those are not revolutionary or ground breaking. They are using the same old and tired techniques just in a new format. The embedded world is no different.

The same, tired and old techniques are what define embedded vulnerabilities today. They are the same hacks just miniaturized. We’ve seen hacks that take advantage of buffer overflows in automobiles to take over the CANbus. We’ve seen hardcoded backdoors allowing authentication bypassing on life-giving insulin pump devices. We’ve seen weak cryptography allowing eavesdropping and eventually control of the device. But remember that these tiny systems contain the same basic functionality of all common computers: input/output and processing.

With nearly 10 billion embedded devices on the planet today, we simply cannot ignore this elephant in the living room any longer – we MUST address the countermeasures and fixes TODAY, before it’s too late.

We hope to help this effort.

Attending RSA 2013? Stuart McClure is holding several, FREE book signings:

  • February 27, 2013 - HB Gary Booth (#2650) @ 11:00 AM
  • February 27, 2013 - Cigital Booth (#132) @ 3:00 PM
  • February 28, 2013 - CounterTack Booth (#2533) @ 11:00 AM
Stuart McClure

About Stuart McClure

CEO, President, and Founder of Cylance

Stuart leads Cylance® as its CEO for the first math based approach to threat detection, protection and response. Prior to Cylance, Stuart was EVP, Global CTO and General Manager at McAfee/Intel. Stuart is the creator and lead-author of the most successful security book of all time, Hacking Exposed. He is widely recognized for his extensive and in-depth knowledge of security, and is one of the industry's leading authorities in information security today.