Meetup #19: (yet another) Hardware and IoT Cybersecurity oriented meetup

IMPORTANT NOTICE - THE MEETUP WILL BE RESCHEDULED . PLEASE STAY TUNED FOR UPDATES. WE MOVED IT TO A DISTANT DATE - BUT WE WILL DEFINITELY HOLD IT IN THE NEXT MONTH OR TWO.
For reasons beyond our understanding, after setting the meetup on the 24.3 (instead of having the Kernel debugging one then) due to GM's request, and postponing it in a week due to logistics issues at the host, the meetup will be postponed/rescheduled/moved.
We had great backup plans, but they would require me to pay to host you, and I'm done doing that (+they were in another city).
Anyways, GM say:
"Thanks for registering to our meetup!
Unfortunately, due to an unexpected logistic issue, we will not be able to hold the event as planned.
We hope to be able to hold it at a future time and update accordingly."

I am sorry for the inconvenience and the disappointment. Trust me I am much more disappointed than you are, and it is time for you to get your companies to sponsor our meetup group on a yearly basis, so that no meetup will ever be cancelled or rescheduled again, ever.

I am leaving the original text in tact, because this meetup will happen at another time.

-----

Double registration alert:
Registration is mandatory and *will be checked* so please make sure you RSVP here, and in addition register in You absolutely have to register in this link, and carefully read the event guidelines there. It is IMPORTANT and we want you, by all means, to avoid any inconveniences (due to being lazy and not reading what I wrote CAREFULLY)

IMPORTANT: you can still submit a talk - and we are looking forward to your lightning talks. I gave an example of what a good lightning talk is in the Toka meetup (that we were unfortunately forbidden from publishing online) . Use the CFP, Luke. And please do it before March 17th. If you do it after it you will happily be considered for the next events.

More updates will come, including a MANDATORY additional registration link. Do not unsubscribe from updates - if you don't read the updates or otherwise follow our community rules, you will meet the consequences.
Everyone, including everyone MUST RSVP to the meetup event, and when time comes - fill the registration note. Respect your hosts!

AGENDA

5:30PM-6:00PM Gathering. Networking, High Fives, Hugs (Everyone @ Embedded Israel)

6:00PM-6:15PM Welcome notes: About Embedded Israel, community Building - Ron Munitz (Founder @ Embedded Israel)

6:30PM - 7:00PM Intro to Hardware Reverse Engineering - Dan Peled (Cyber Security Group Manager @ GM)
In this talk, "Intro to Hardware Reverse Engineering," we’ll cover the basics of embedded systems, printed circuit boards (PCBs), and techniques to physically access and analyze hardware.
We’ll explore common components, debug interfaces, and basic hardware defenses. By the end, attendees will have the essential skills to reverse engineer simple embedded devices and identify debug interfaces.

7:00PM - 7:10PM Networking break

7:10PM - 7:40PM Hacking HiSilicon Cameras for...Necessity (and hacking several million other devices while at it) - Ron Munitz (CoE @ The PSCG/PSCG Holdings LTD)
In this talk I will present the taxonomy of adding remote debugging and OTA-ing mechanisms to a popular COTS Security Camera device I have been working on for a while, a little while ago. The story starts with the why and how (Design house not very responsive on SW development features) remote debugging capabilities had to be updated, continues with some of the techniques used to understand the firmware structure, resulting in a self extracting archive that adds capabilities without the vendor support, and ends with the understanding that the same techniques can be used to take over millions of other, very similar devices. The main takeaway of this talk is that there is a thin line between being a Linux hacker, and being a hacker, but other takeaways include understanding supply chain (and time to market) fl[a|o]ws, common Embedded Linux filesystem structures, "security opportunities" when working with incompetent managers who experience their first Consumer device manufacturing and shipping, and last but not least, how the great nation of China can help you to PwN the masses as a by product, just because "it's there".

7:40PM-8:15PM: Pwn Without Own: Hacking $100K Gas Chromatograph Without Hardware - Vera Mens (Vulnerability Researcher @ Claroty/Team82)
ICS/OT research is tough without access to rare, expensive equipment. In this talk, we’ll show how we reverse-engineered a $100K Gas Chromatograph, leveraging its Ethernet capability to explore remote attack vectors. By disassembling the firmware and mapping key components, we fully emulated the device, reconstructed internal structures, and decoded proprietary protocols—all without physical access. Oh, and found a RCE vulnerability of course :)

8:15PM - Until we are kicked out Community Building / Lightning Talks / Networking

We are looking forward to seeing you, and having more people participate. As (almost) always, if you have something great to talk about - I am happy to "give up my spot" for you. And by all means, submit talks. Submit Lightning talks. Participate. Share the word. Have your organization sponsor the community - we are planning awesome things, and we want to always keep objective!

Last words: Everyone, including everyone registers. No one unsubscribes from updates. Please don't test us.

See you soon!