IoT Hacking – Brainwashing Embedded Systems

Learning the secret incantations to make embedded systems carry out your will is not as hard as one might think. In the world of IoT, the hardened system is rare and most times a firmware image is more than enough to find and exploit weakness. Embedded devices are flooding corporate and home networks with limited insight into product security.

This session teaches attendees how to evaluate devices regularly deployed on enterprise networks. Learning the techniques utilized by attackers will help enterprise admins vet devices intended for deployment while also helping companies that develop these devices identify how attackers work. Additionally, the deep dive into android applications designed to interact with these IoT devices may help software developers identify flaws in their own application design.

Participants will be provided with a customized Kali Linux virtual appliance and given access to several consumer devices for analysis. These techniques have been successfully employed by the author to identify over 100 CVEs on embedded/IoT devices as well as to win the 0-day and CTF tracks in the DEF CON 22 SOHOpelessly Broken router hacking competition.

Attendees will find their day divided into three sections covering everything needed to become an IoT Security Expert.

Trainer: Craig Young (Tripwire)
Max participants: 40
Cost: $399 (full conference attendee) / $499 (Expo attendee)

Please note that this is a repeat of the IoT Hacking course offered at SecTor 2016.


Section One: Firmware Analysis

In this section, attendees will learn how to crack open firmware and look inside, where an infinite number of vulnerabilities and configuration issues can be identified.

Section Two: Shell Access

Gaining access to the shell opens the door to a number of interesting investigative techniques. Attendees will learn what to look for and how to quickly identify the interesting pieces of information.

Section Three: Finding Additional Attack Vectors

Many IoT device manufacturers release “support” applications for Android and iOS. These applications often leak information and communication techniques that are not otherwise documented. Investigating these applications can lead to the discovery of additional information that provides useful insight into the devices and possible paths of attack. In addition to supporting applications, IoT vendors often add WiFi to their products, making them more useful in today’s interconnected environment. The addition of WiFi also means additional security risks; attendees will be shown some of the common flaws built into the WiFi implementations in these products.

Agenda: Monday Nov 13th 2017

10:00 – 10:30 Introductions and setup
10:30 – 11:00 Working with Firmware
11:00 – 11:10 Break
11:10 – 12:15 Web Vulnerabilities
12:15 – 13:00 Lunch
13:00 – 14:10 Stealing Passwords and Getting Root
14:10 – 14:35 Android Tools
14:35 – 14:45 Break
14:45 – 16:15 Universal Plug n’ Play
16:15 – 17:00 Open Lab

This session is recommended for:

  • Enterprise Security Admins
  • Software Developers
  • Pen Testers
  • Information Security Students

Attendees should come prepared with a laptop capable of running x86-based virtual machines and VM software (VirtualBox or VMware). Attendees should have a basic understanding of Linux and HTTP in order to get the most out of this session.

Craig Young Bio:

Craig Young is a computer security researcher with Tripwire’s Vulnerability and Exposures Research Team (VERT). He has identified and responsibly disclosed dozens of vulnerabilities in products from Google, Amazon, IBM, NETGEAR, Adobe, HP, Apple, and others. His research has resulted in numerous CVE assignments and repeated recognition in the Google Application Security Hall of Fame. Craig’s presentations on Google authentication weaknesses have led to considerable security improvements for all Google users. Craig won in track 0 and track 1 of the first ever SOHOpelessly Broken contest at DEF CON 22 by demonstrating 10 0-day flaws in SOHO wireless routers. His research into iOS WiFi problems exposed CVE-2015-3728 that could allow devices to inadvertently connect to malicious hot spots.