The M2M Risk Assessment Guide - A Cyber Fast Track Project

Explore the comprehensive analysis of Machine-to-Machine (M2M) technology and its security implications in this 59-minute Black Hat EU 2013 conference talk. Delve into the findings of a Cyber Fast Track project conducted by Capitol Hill Consultants LLC, which examined over 200 M2M-centric companies worldwide. Learn about the M2M Risk Assessment Guide, a playbook for M2M security that provides strategies for auditing existing products and designing secure prototypes. Gain insights into the six primary M2M industries and the low-level components used in their solutions. Discover how consulting teams and internal security teams can utilize this guide to enhance M2M security. Uncover potential vulnerabilities and 0-day techniques, including remote glitching, GPS baseband compromise, rootless SSL, and MIM bypass. Understand the complexities of M2M technology and its impact on various industries, from automobiles to medical devices and SCADA systems. Prepare for future developments in M2M security as presenter Don A. Bailey walks you through this essential resource for engineers and analysts in the rapidly evolving field of M2M technology.

Intro
Capitol Hill Consultants
DARPA Cyber Fast Track
M2M Risk Assessment Project
What the heck is M2M?
It's More Complex
Botanicus Interacticus
Evil Plants? Sure, why not?
Building the Guide
Profiling allowed us to
Business Weaknesses
For each industry
Products are composed of
High Level Components
Low Level Components
Patterns of Vulnerability
0-day technique: Remote Glitching
ST M24LR Family
0-day technique: Remote GPS baseband compromise
0-day technique: Rootless SSL
0-day technique: MIM Bypass
Guide Summary
Synapse SNAP Module
Monnit RFUSB1 SubGHz
Other Labs
MRAG Summary
Future Efforts
Thank you!