Pentesting over Power lines

CC Attribution 3.0 Unported:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.

Identifiers

10.5446/40555 (DOI)

Publisher

DEF CON

Release Date

2013

Language

English

Content Metadata

Subject Area

Computer Science

Genre

Conference/Talk

Abstract

When performing penetration tests on the internal network in conjunction with physical pentests your always concerned about being located. Let's remove that barrier and perform your penitents over power lines and never be detected. In this presentation we'll cover how you can perform full penetration tests over the power lines and hack into home automation systems. Home automation has been gaining momentum not only in small homes but in large companies and organizations. There's a huge variety of solutions out there both open-source and "proprietary" that provide these solutions to your homes and businesses. Home automation gives us several things for example, full-fledge 85mbps networks, security systems, lights, windows, HVAC, doors, and cameras and they are all generally done through the power lines or through short-wave wireless communications. So let's break it.... During this presentation we'll be going over the non-existence of security over these devices, show proof of concept demonstrations on hacking these devices, and while we're at it, demonstrate how to disable all security mechanisms that use the different protocols like X10. Dave Kennedy (ReL1K) is a Director of Information Security for a Fortune 1000 company and the founder of DerbyCon. David is a penetration tester that likes to write code, break things, and develop exploits. Dave is on the Back|Track and Exploit-Database development team and the co-host of the Social-Engineer podcast and started the first Offensive-Security Ohio Chapter. David continues to contribute to a variety of open-source projects. David had the privilege in speaking at some of the nations largest conferences on a number of occasions including BlackHat, Defcon and Shmoocon. David is the creator of the Social-Engineer Toolkit (SET), Fast-Track, modules/attacks for Metasploit, and has released a number of public exploits. David heavily co-authored the Metasploit Unleashed course available online and has a number of security related white-papers in the field of exploitation. David is the author of the book "Metasploit: A Penetration Testers Guide". Lastly, David worked for three letter agencies during his U.S Marine career in the intelligence field specializing in red teaming and computer forensics.