Black Hat Physical Device Security: Exploiting Hardware and Software
By Drew Miller, Foreword by Michael Bednarczyk, CEO, Black Hat Services
HIGHLIGHT
Black Hat, Inc. is the premier, worldwide provider of security training, consulting, and conferences. In this book the Black Hat experts show readers the types of attacks that can be done to physical devices such as motion detectors, video monitoring and closed circuit systems, authentication systems, thumbprint and voice print devices, retina scans, and more.
Attacking & Defending Physical Devices for Software and Hardware Engineers
Date: Feb 2005
Pages: 416 (est.)
User level: All
DESCRIPTION
The Black Hat Briefings, held every year in Las Vegas, Washington DC, Amsterdam, and Singapore, continually expose the greatest threats to cyber security and provide IT mind leaders with groundbreaking defensive techniques. There are no books that show security and networking professionals how to protect physical security devices. This unique book provides step-by-step instructions for assessing the vulnerability of a security device such as a retina scanner, seeing how it might be compromised, and taking protective measures. The book covers the actual device as well as the software that runs it. By way of example, a thumbprint scanner that allows the thumbprint to remain on the glass from the last person could be bypassed by pressing a "gummy bear" piece of candy against the glass so that the scan works against the last thumbprint that was used on the device. This is a simple example of an attack against a physical authentication system.
KEY SELLING POINTS
- First book by world-renowned Black Hat, Inc. security consultants and trainers
- First book that details methods for attacking and defending physical security devices
- Through partnership with Black Hat, Inc., this book will get prime exposure and marketing at Black Hat Briefings
MARKET INFORMATION
Physical security exposures have become more mainstream in the last year as industry magazines have added security systems such as barriers and monitoring systems to their editorial calendars. However, to date, no book or methodology has bridged the world of physical security and software exposures. The process of bypassing individual security devices to penetrate a security system within a physical environment can be done using the same methods used by hackers in the software industry. All levels of systems will be discussed, from the simple fire alarm or solution the local store might employ all the way to multi-system companies potentially storing mission-critical data.
ABOUT THE AUTHOR
Drew Miller is an instructor for Black Hat Training, Inc. and has been teaching and lecturing abroad on defensive security methodologies and application attack detection. Drew has been a software engineer for more than ten years and has worked at many levels of software development, from embedded operating systems, device drivers and file systems at Datalight Inc. to consumer and enterprise networking products such as Laplink's PCSync and Cenzic's Hailstorm. Drew's experience with many software genres, combined with his passion for security, gives him a detailed perspective on security issues in a wide variety of software products. Drew has also designed and developed security courses for Hewlett-Packard at the Hewlett-Packard Security Services Center.
TECHNOLOGY BACKGROUND
This book covers both software and hardware engineering because both are required for complete assessment of a security device. A device can receive a physical attack (the candy-on-a-sensor example from earlier) or an attack on its software (someone altering settings), and these attacks can happen in different ways (hacking into a network via a modem or via the Internet). Many systems are in use and can be categorized as: Detectors (such as a motion detector), Video Monitoring (such as a closed circuit system), Audio Monitoring (such as a web-based system), and Authentication (such as a thumbprint or retina scan). Each of these security systems has strengths and weaknesses associated with it.