Learning the secret incantations to make embedded systems carry out your will is not as hard as one might think. In the world of IoT, the hardened system is rare and most times a firmware image is more than enough to find and exploit weakness. Embedded devices are flooding corporate and home networks with limited insight into product security.
This session teaches attendees how to evaluate devices regularly deployed on enterprise networks. Learning the techniques utilized by attackers will help enterprise admins vet devices intended for deployment while also helping companies that develop these devices identify how attackers work. Additionally, the deep dive into android applications designed to interact with these IoT devices may help software developers identify flaws in their own application design.
Participants will be provided with a customized Kali Linux virtual appliance and given access to several consumer devices for analysis. These techniques have been successfully employed by the author to identify over 100 CVEs on embedded/IoT devices as well as to win the 0-day and CTF tracks in the DEF CON 22 SOHOpelessly Broken router hacking competition.
Attendees will find their day divided into three sections covering everything needed to become an IoT Security Expert.