Imagine a cozy winter evening: it is snowing outside and you chill on the couch with a cup of tea in your hand.

Then suddenly... someone hacks your heat pump and turns your home into an igloo. The only thing keeping you warm now is your tea.

I will present my journey into reverse engineering the Orca heat pump and describe the communication between the heat pump's controller and the Orca web portal, how the controller is authenticated, and how the web portal validates and renders the controller's data. Multiple weaknesses made a remote takeover of any heat pump possible.

Speakers

Tom Kern

SecOps Automation Lead, Conscia MDR

Tom is a founding member of Conscia’s Managed Detection and Response service, now protecting over 250,000 endpoints across Europe. As SecOps Automation Lead, his contributions include technical architecture, detection engineering, and automating security operations.