Daily-Life Peeper: Bug Hunting and Exploit Techniques in IoT

Presented at Black Hat Asia 2017, March 30, 2017, 11:45 a.m. (60 minutes)

As we know, with the rapid increase and widespread use of IoT devices, the security of IoT becomes more and more important. The recent massive DDoS attack launched from hacked IoT devices against Dyn was another urgent alert. While there are many bug bounty projects and contests about software security, there is nearly nothing about IoT security.

So, we kicked off our IoT vulnerabilities reward program, GeekPwn, 3 years ago and have already collected over 100 security vulnerabilities and their detailed exploit techniques in routers, cameras, game consoles, and even network protocols.

In this presentation, we will summarize all these real-world vulnerabilities and present what may be the first systematic study of the current security situation of IoT devices. In particular, we will explain the technical details of some brilliant exploits, such as using multiple vulnerabilities (memory information leak CVE-2016-5367, file injection CVE-2016-5366, stack overflow CVE-2016-5365) to get a remote root shell on a router, and using the TCP challenge ACK information leak to hijack TCP and manipulate the traffic to the cloud (CVE-2016-5696).

Our presentation will focus on the many design misconceptions and implementation mistakes in IoT devices that may be easily overlooked by developers. By sharing those representative lessons, we hope to help IoT vendors improve the security of their products and enlighten security researchers interested in IoT.

Presenters:

  • Yuhao Song - Security Researcher, GeekPwn Lab & KEEN
    Yuhao Song is an employee and co-founder of KEEN. He's currently working as a security researcher for the GeekPwn program, focusing on the security of IoT and smart devices.
  • Huiming Liu - Security Researcher, GeekPwn Lab & Tencent Xuanwu Lab
    Liu Huiming is a Security Researcher at XuanWu Lab, Tencent. His research interests lie in mobile security and network security.
