Energy Management Protocols (EMPs) are used in a variety of devices and environments. Their purpose is always the same: Controlling and measuring the energy consumption of connected devices. However, most EMPs are designed and implemented for embedded, non-IP environments, such as HDMI or home automation networks.
Cisco EnergyWise is a proprietary, closed-source protocol that brings EMPs to the main stream IP networks (e.g. by including EnergyWise clients in widely used notebooks and phones). The resulting broad deployment in a high number of environments, such as office networks (for example, ThinkPad notebooks include an EnergyWise Client in the default configuration) or even data centers (as power consumption is always a huge issue), leads to the potential to cause huge blackouts if EnergyWise is misconfigured or contains vulnerabilities which can be abused.
In this talk, we will describe our results on the EnergyWise architecture and protocol specification, present the reverse-engineered proprietary protocol , and show how you can hijack enerygwise domains in order to perform DoS service attacks. In addition, we will release our toolkit that implements all of the presented attacks.
Matthias is a seasoned auditor and pentester with vast experience in corporate environments. Over the years, he developed his own approach in evaluating and reviewing all kinds of applications, protocols, and technologies. He's one of the first researchers who revealed major design flaws and vulnerabilities in the approach of Data Leakage Prevention. He is a regular speaker at international security conferences and will happily share his knowledge with the audience.
Ayhan Soner Koca holds a B.Sc. in Computer Networking from Furtwangen University. He's currently focused on pen-testing, protocol reverse engineering, and fuzzing.