OWASP AppSec DC 2012/Real world backdoors on industrial devices

The Presentation
The ICS security, or the lack of, has been hogging the titles during the last months. The underlying issue behind this fact is that, in a post-stuxnet era, the industrial control systems are facing a totally new scenario, they are not a safe place anymore but a potential and valuable target. A lot of questions arise, but maybe the most important one is: are they prepared to face this threat? This presentation details the whole process of analyzing industrial devices, including methods such as reverse engineering and open source intelligence. The results of this approach are also elaborated, showing real cases of backdoors found on widely deployed PLCs and SmartMeters