
SESSION

09/21 16:45 - 17:15 OT Security Forum

Pwning HVAC Control System

Nowadays heating, ventilation, and air conditioning (HVAC) systems are indispensable in many places, such as hospitals, factories, office buildings and even residences. Most HVAC systems have a Human Machine Interface (HMI) and can be easily managed remotely. While convenience is improved, the security of HVAC control systems is often neglected.

This time, we have investigated popular HVAC control systems that have web-accessible HMIs. During our research, some products were found to be vulnerable to attacks such as credentials disclosure and privilege escalation. Furthermore, many of them could be found on the Internet. Since HVAC control systems are usually connected to other building systems and facility equipment, if an HVAC control system is taken over, other systems would be easy to attack. In this session, we will introduce possible attack scenarios and how to mitigate these attacks.

LOCATION Taipei Nangang Exhibition Center, Hall 2 7F 701H
LANGUAGE English
SESSION TOPIC ICS/SCADA Security, OT Security, Industrial Security

SPEAKER

Chicoyama
TXOne / TrendMicro Security Threat Researcher

Chicoyama is a security researcher at Trend Micro/TXOne Networks. Chicoyama has been working for over a decade in the security industry. She previously developed forensic tools, then shifted her research focus to IoT- and ICS-related products and protocols. Chicoyama is currently working on ICS vulnerability research and has been credited in multiple ICS-CERT advisories.

Canaan Kao
TXOne Networks Director

Canaan has been a DPI/IDS/IPS engineer since 2001. He led the anti-botnet project of MoECC in NTHU (2009-2013) and held “Botnet of Taiwan” (BoT) workshops (2009-2014). He spoke at HitCon2014 CMT, HitCon2015 CMT and HitCon 2019. His primary research interests are in network security, intrusion detection systems, reverse engineering, malware detection, and embedded systems.