Hacking Contests at PHDays VII: City-Wide Digital Mayhem

3/14/2017

For many, the highlight of PHDays is the hacking contests—besides adding a bit of competitive fun, they give valuable experience. This year's participants will be able to peek under the hood of a smart car and break into the automation systems powering an entire (virtual) city.

Most of the contests at PHDays VII are part of The Standoff, including Critical Infrastructure Attack: City, in which hackers can probe and test automated control systems. Last year, at Critical Infrastructure Attack: Blackout, a tenth-grader succeeded in causing a short-circuit at a high-voltage substation (500 kW). Hackers will have free reign on digital infrastructure that faithfully recreates the systems found in a real city, consisting of:

  • Residential areas with building management systems (BMS), smart homes, transportation systems, and IoT gadgets
  • Railroad
  • Power station and substation (electrical generation, distribution, and management)
  • Oil refinery and oil storage/transport facilities
  • Video surveillance systems

If that seems too intimidating to start, we have partnered with ASP Labs to prepare a special warm-up contest named Free SCADA. Our stand will consist of SCADA equipment and PLCs (based on Raspberry Pi single-board computers), where participants can start practicing for Critical Infrastructure Attack: City and get hints about the city infrastructure and system settings. Hackers may take part in the contests only as part of Standoff teams. All necessary software and hardware must be brought by the participants. In addition, conference participants will have two days of access to stands containing the “electronic insides” of modern vehicles. Today's cars are essentially computers with wheels, making them a tempting target for hackers. At the Automotive Village hands-on lab, experts and novices alike can see how car electronics are structured, independently explore a car's network, and write their own exploits. For the theoretically minded, discussion will include security of self-driving and connected cars, plus the difficulties of ECU reverse engineering and QNX security.

Aficionados of automotive security can test their knowledge at Automotive Village: CarPWN. This contest will include searching for wires, ECU searching, connecting to the on-board network without interruption, setting up an MitM attack using CANToolz, testing the security of QNX, and much more. All forum visitors are invited to take part. We recommend bringing your own CAN bus equipment.

Important: Participants must bring their own laptop for all contests. A detailed description of contests and hands-on labs will be published soon on the forum website. Stay tuned for more news!

The forum's partners are Microsoft, IBM, Infotecs, R-Vision, Solar Security and Axoft; the business partners is MONT; among technology partners are Cisco, CompTek, ARinteg, Qrator, and Wallarm; the Standoff partners are PaloAlto, ICL System technologies, Beyond Security; the Standoff participants are Informzaschita, Advanced Monitoring, Jet Infosystems and CROC; the general information partner is the news agency TASS.