Access control manufacturers are less concerned with a sister talk:
Attacking Physical Access Systems
This talk will move beyond the card and explore all of the PACS components. After an overview of the components and architecture, we’ll discuss their unique attack surfaces, and how to locate them. Finally, we’ll put all of the attacks together to achieve complete takeover.
The manufacturers should have some fun with them and lock them in the conference room...
This article appears to have a little more detail.
Steve, thanks for sharing.
I wonder what weight those legal threats are based on. What's the grounds?
I imagine it's more to scare than real substance.
I'm not buying it, sorry everybody.
The article says:
The consultant for Zurich-based Ptrace Security found holes in pricey IP cameras sold on the shopping site for up to $600. Each camera vendor made claims about the high security integrity of its hardware, yet all were found to be hackable over the internet.
An unnamed vendor caught up in the research hit Gnesa with a legal threat after he prepared to present his work at the Hack in the Box conference in Singapore next week.
So, just one vendor threatened him? And he decided it was too risky?
Over a camera hack disclosure? pleeeeeze!
He couldn't show any of the other manufacturers cameras? Surely, he could find enough material to get thru the talk with, no?
Anyway, worst case could have just done a 7-day responsible disclosure of a flaw or two, first.
Is anyone actually winning cases against pen testers anyway? Even zero-day ones?