Level: Advance Subject Matter

Abstract:
Imagine a cozy winter evening, it is snowing outside and you chill on the couch with a cup of tea in your hand.

Then suddenly.. someone hacks your heat pump and turns your home into an igloo. The only thing keeping you warm now is your tea.

I will present my journey into reverse engineering of Orca heat pump and present communication between heat pump’s controller and Orca web portal, how the controller is authenticated, and how the web portal validates and renders controller’s data. A remote takeover of any heat pump was discovered due to multiple weaknesses.

Bio:
Tom Kern is a founding member of NIL Managed Detection and Response service which is now protecting over 250.000 endpoints across Europe. His contributions include technical architecture, detection engineering and automated security operations.

Posted on Friday, February 27th, 2026 at 10:18 am in talks | rss feed for comments| Responses are currently closed, but you can trackback from your own site.