Lucas Apa is an information security expert and entrepreneur. He currently provides comprehensive security services with cutting-edge firm IOActive (Seattle, USA), both onsite and remotely, for most of Global 500 companies and organizations.
Focused on offensive security, he publicly disclosed critical vulnerabilities and exploits for widely used operating systems, industrial control systems, modern robots, access controls, embedded devices and other groundbreaking technology that shapes the future world.
Lucas’ security research and ideas have been presented at world-renowned security conferences including Black Hat USA, PacSec Japan, Black Hat Europe, Ekoparty, AppSec USA, SecTor and EnergySec. His technical work and opinions have been featured in media outlets such as: The New York Times, Reuters, The Wall Street Journal, Forbes, CNN, CNBC, Financial Times, FOX, VICE and much more. He is currently based in Argentina and advises regularly with local media as a commentator and security analyst.
With an envisioned sense of adventure and experience, Lucas gives the companies he works with the opportunity to partner with global authorities by leading, managing and executing highly technical projects and missions.
Cesar Cerrudo is Chief Technology Officer for IOActive Labs, where he leads the team in producing ongoing, cutting-edge research in areas including Industrial Control Systems/SCADA, Smart Cities, the Internet of Things, Robots and software and mobile device security. Cesar is a world-renowned security researcher and specialist in application security.
Throughout his career, Cesar is credited with discovering and helping to eliminate dozens of vulnerabilities in leading applications including Microsoft SQL Server, Oracle database server, IBM DB2, Microsoft Windows, Yahoo! Messenger, and Twitter, to name a few. He has a record of finding more than 50 vulnerabilities in Microsoft products including 20 in Microsoft Windows operating systems. Based on his unique research, Cesar has authored white papers on database and application security as well as attacks and exploitation techniques. He has presented at a variety of company events and conferences around the world including Microsoft, Black Hat, Bellua, CanSecWest, EuSecWest, WebSec, HITB, Microsoft BlueHat, EkoParty, FRHACK, H2HC, Infiltrate, 8.8, Hackito Ergo Sum, NcN, Segurinfo, RSA, and DEF CON.
He recently started Securing Smart Cities (http://www.securingsmartcities.org), a non profit initiative to make cities around the world safer.
Cesar collaborates with and is regularly quoted in print and online publications. His research has been covered by Wired, Bloomberg Businessweek, TIME, The Guardian, CNN, NBC, BBC, Fox News, The New York Times, New Scientist, Washington Post, Financial Times, The Wall Street Journal, and so on.
[Abstract]
==========
Robots are going mainstream. In the very near future robots will be everywhere, on military missions, performing surgery, building skyscrapers, assisting customers at stores, as healthcare attendants, as business assistants, as sex partners, cooking in homes, and interacting with our families.
While robot ecosystems grow and become more of a disrupting force in our society and economy, they pose more of a significant threat to people, animals, and organizations if the technology is not secure. When vulnerabilities are exploited in robots, physical features can be utilized by attackers to damage property, company finances, or cause unexpected consequences where human life can be endangered. Robots are essentially computers with arms, legs and wheels, so the potential threats to their physical surroundings increase exponentially and in ways not widely considered before in computer security.
In recent research, we discovered multiple critical vulnerabilities in home, business and industrial collaborative robots from well-known vendors. With responsible disclosure now completed, it’s time to reveal all the technical details, threats, and how attackers can compromise different robot ecosystem components with practical exploits. Live demos will showcase different exploitation scenarios that involve cyber espionage, harmful insider threats, property damage, and more.
Through realistic scenarios we will unveil how insecure modern robot technology can be and why hacked robots could be more dangerous than other insecure technologies. The goal is to make robots more secure and prevent vulnerabilities from being exploited by attackers to cause serious harm to businesses, consumers, and their surroundings.