CONverse London

A free event, dedicated to sharing our recent work and findings with the wider information security community.

Oct 04 2017
04 Oct 2017 04 Oct 2017 17:30 – 20:00
Context Offices 8th Floor, 11 Westferry Circus, London, UK, E14 4HD Show Map

Our Research team will be discussing their latest research into embedded network devices, such as the Virgin Media SuperHub2 and the Mitel Conference phone and the common vulnerabilities they have come across.

We'll also be joined by guest speaker, Harvey Lodder, Principal Security Engineer at Liberty Global (Parent Company of Virgin Media) - the largest internet service provider in the world - who will be providing insight into the challenges of product security at scale. 

Presentation Overview 

Product Security at Scale, Harvey Lodder

When performing security evaluations of new products for a service offering, there are multiple angles to consider. Harvey Lodder, Principal Security Engineer at Liberty Global, discusses the challenges faced by a large Multiple System Operator (MSO), providing some real world examples and highlighting the importance of fully understanding the attack surface. Harvey will cover the various pivot points of attacks on equipment based within the consumer’s premises and how seemingly insignificant details can result in a chain of events which lead to critical security flaws.

Harvey has worked within IT for more than 20 years, with his experience covering a wide range of OS and technologies across both LAN / WAN and Wireless. Within the security field he has been involved at MSO level looking at a wide range of products across multiple vendors, always prioritising the security of the customers and the corporate environment. 

Device Vulnerability Research for the Home and Office, Andy Monaghan & Jan Mitchell

The distinction between personal and business devices is rapidly diminishing as the embedded network devices become an ever greater presence in our lives. These devices provide us with access to shopping, banking, social media, but also with access to business networks for remote working. Given their importance, we need to ask ourselves just how secure is this equipment we trust to handle both personal and business critical data? Andy and Jan will describe some of our recent research into various devices, including one of the most popular home routers in the UK. We delve into the methodology we follow to identify vulnerabilities in a range of devices and highlight some common security issues we have seen during previous engagements.

Andy Monaghan, Principal Researcher at Context, has over 15 years of experience in the IT industry covering a variety of roles such as IT technician, Software Engineer, Technical Lead and Security Consultant in both the public and private sectors. His software engineering background means that Andy appreciates the pressure developers are under to deliver time-sensitive solutions, sometimes at the cost of robust security practices. This insight has proved invaluable to Andy in his current role which involves finding security flaws in both hardware and software products.

Jan Mitchell, Senior Researcher at Context, is a security specialist with 8 years' experience in secure software development and vulnerability research. Jan has previously specialised in low level development in C and assembly code, with a security focus, to create robust and secure software systems. Jan's current role allows him to use his experience to expose flaws and vulnerabilities in both software and hardware products on a range of different architectures and platforms.

CREST
CREST STAR
CHECK IT Health Check Service
CTAS - CESG Tailored Assurance Service
CBEST
Cyber Essentials
CESG Certified Product
CESG Certified Service
First - Improving Security Together
BSI ISO 9001 FS 581360
BSI ISO 27001 IS 553326