Welcome to the Interactive Agenda for the 2016 ICS Cyber Security Conference! (View the full ICS Cyber Security Conference website here)  This agenda is currently a work in progress; please check back often, as our team is making updates DAILY. (You can register for the conference here)
Monday, October 24 • 9:45am - 10:30am
Hacking IEEE 802.15.4/WirelessHART From the Ground Up

WirelessHART is a wireless sensor networking technology based on the Highway Addressable Remote Transducer Protocol (HART). In short, WirelessHART is widely used in the SCADA/ICS field.

For this reason, ensuring its deployment and implementation are sound from a security point of view becomes critical. The main issue is that at the moment there are no tools to properly audit and/or challenge it from a security perspective. No detailed information is available, which makes it challenging to conduct vulnerability development research against it.

Our presentation will cover the research that was required to build a WirelessHART fuzzing platform: from acquiring information, choosing targets, the development platform (hardware and software) and reverse engineering third party implementations to the trial and error we went through while developing our WirelessHART fuzzing platform.


  • Researching WirelessHART

  • Understanding the protocol

  • Reverse Engineering Third Party implementations

  • Designing and Building a WirelessHART Fuzzing platform

  • Hardware Platform

  • Transmitter

  • WH debugging (Sniffing and Dissecting)

  • Triggering and Catching crashes

  • Case study

  • Demo 

What is WirelessHART? Wikipedia describes WirelessHART as "a wireless sensor networking technology based on the Highway Addressable Remote Transducer Protocol (HART). The protocol utilizes a time synchronized, self-organizing, and self-healing mesh architecture. The protocol supports operation in the 2.4 GHz ISM band using IEEE 802.15.4 standard radios. Backward compatibility with the HART “user layer” allows transparent adaptation of HART compatible control systems and configuration tools to integrate new wireless networks and their devices, as well as continued use of proven configuration and system-integration work practices. It on the estimated 25 million HART field devices installed, and approximately 3 million new wired HART devices shipping each year. In September 2008, Emerson became the first process automation supplier to begin production shipments for its WirelessHART enabled products."

Sergio Alvarez

Security Researcher and Reverse Engineer, Applied Risk
Sergio Alvarez is a security researcher and reverse engineer at Applied Risk, with over 15 years of experience in vulnerability research, exploit development and both blackbox and whitebox application pentesting. Sergio has found numerous critical security vulnerabilities in widely deployed...

Monday October 24, 2016 9:45am - 10:30am EDT
Workshop 1 (Salon 3)