Opposing Force research presentation on Smart Cities security and Smart Mobility technologies penetration testing (DEF CON 24 | HITB GSEC Singapore 2016)
2. About us
§ Matteo Beccaro
§ Founder & Chief Technology Officer at Opposing Force
§ The first Italian company specialized in offensive physical security
§ Twitter: @_bughardy_ | @_opposingforce
§ Web: www.opposingforce.it
3. About us
§ Doc. Matteo Collura
§ Bachelor of Science in Electronic Engineering
§ Currently studying “Nanotech for ICT” at Politecnico di Torino
§ Twitter: @eagle1753
34. Bike sharing – case study
Physical issue:
§ The hook’s sensor is not very precise
§ Unlock a bike and slowly remove it from the hook
§ The sensor is still detecting the bicycle...
35. Bike sharing – case study
Physical issue:
§ It can be detected by the central system if:
I. The bike is left at another station
II. A bike is hooked to the previous station
36. Agenda
§ What is a smart city?
§ Smart transport systems
§ Smart parking meter
§ Bike sharing
§ Public transport
§ What’s next?
37. Public transport – case study
Two existing systems:
§ “Online” system
§ “Offline” system
38. Public transport – case study
Offline system
§ Lock Attack
§ Time Attack
39. Public transport – case study
Lock Attack
§ Abuse MIFARE Ultralight functionality
§ Set OTP page in read-only mode
§ No rides are removed

Page address              Byte number
DEC        HEX            0      1          2            3
0          0x00           UID (bytes 0-3)
1          0x01           UID (bytes 0-3)
2          0x02           UID    Internal   Lock Bytes   Lock Bytes
3          0x03           OTP (bytes 0-3)
4 to 15    0x04 to 0x0F   Data (bytes 0-3)
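
Added example, not part of the original slides: a validator-side check for the lock attack, using the page layout above. It assumes rides are stored as one OTP bit each; read_page, write_page and FakeTicket are hypothetical names, and the ticket contents are constructed.

```python
# Added example (not from the slides): validator-side checks for the lock attack.
L_OTP = 0x08  # lock byte 0 (page 2, byte 2), bit 3: page 3 (OTP) is read-only


def otp_locked(pages):
    """pages[n] is the 4-byte content of page n as read from the ticket."""
    return bool(pages[2][2] & L_OTP)


def stamp_ride(read_page, write_page, ride_bit):
    """Consume one ride; returns (accepted, reason).

    read_page(addr) -> bytes and write_page(addr, data) are hypothetical
    reader callbacks. Assumed scheme: one OTP bit per ride.
    """
    pages = [read_page(addr) for addr in range(4)]
    if otp_locked(pages):
        return False, "otp-locked"           # ride could never be removed
    otp = int.from_bytes(pages[3], "big")
    if otp & ride_bit:
        return False, "ride-already-used"
    write_page(3, (otp | ride_bit).to_bytes(4, "big"))
    # Read back: open the gate only if the ride bit really changed on the card.
    if not int.from_bytes(read_page(3), "big") & ride_bit:
        return False, "write-not-persisted"
    return True, "ok"


class FakeTicket:
    """Constructed in-memory ticket: OTP writes are OR-ed, dropped when locked."""

    def __init__(self, lock0=0x00, otp=0):
        self.pages = [bytes(4), bytes(4), bytes([0, 0, lock0, 0]),
                      otp.to_bytes(4, "big")]

    def read(self, addr):
        return self.pages[addr]

    def write(self, addr, data):
        if addr == 3 and not self.pages[2][2] & L_OTP:
            old = int.from_bytes(self.pages[3], "big")
            new = old | int.from_bytes(data, "big")
            self.pages[3] = new.to_bytes(4, "big")


if __name__ == "__main__":
    for name, t in (("fresh", FakeTicket()), ("locked", FakeTicket(lock0=L_OTP))):
        print(name, stamp_ride(t.read, t.write, ride_bit=0x01))
```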
40. Public transport – case study
Time Attack
§ Abuse of multiple rides tickets
§ Reverse engineer the stamping date
§ Update the stamping date without removing rides
42. Public transport – case study
Replay Attack
§ Use of UID-changeable tickets or emulators
§ Bypass “software” encryption
§ Very difficult to fix
43. Agenda
§ What is a smart city?
§ Smart transport systems
§ Smart parking meter
§ Bike sharing
§ Public transport
§ What’s next?