Pedro Umbelino
Pedro Umbelino currently holds the position of Principal Research Scientist at Bitsight Technologies and brings over a decade of experience in dedicated security research.
His eclectic curiosity has led to the uncovering of vulnerabilities spanning a gamut of technologies, highlighting critical issues in multiple devices and software, ranging from your everyday smartphone to household smart vacuums, from the intricacies of HTTP servers to the nuances of NFC radio frequencies, from vehicle GPS trackers to protocol-level denial of service attacks.
Pedro is committed to advancing cybersecurity knowledge and has shared his findings at prominent conferences, including Bsides Lisbon, DEF CON, Hack.lu and RSA.
Session
Since the war(s) broke loose last years, a lot has been said about cyberwarfare, attacks on critical infrastructure, ICS/OT vulnerabilities, you name it. In this talk, we are going to talk about a specific set of ICS: Automated Tank Gauging (ATG) systems. These systems control the safe storage and management of fuel in critical infrastructures like gas stations, military bases, airports and hospitals.
We will discuss multiple (10) zero-day vulnerabilities that expose these systems to catastrophic risks, from environmental hazards to significant economic losses. Despite past warnings, thousands of ATG systems remain online, unprotected, and vulnerable to exploitation.
This track will talk about past ATG research, the new vulnerabilities found and their technical details, demonstrating how they can be exploited to gain unauthorized control over ATG systems. In the end, we will dive into our quest to cause physical damage remotely, in hopes of blowing up (our) gas station.