Home Invasion v2.0 - Attacking Network-Controlled Hardware

Presented at Black Hat USA 2013, Aug. 1, 2013, 5 p.m. (Unknown duration)

A growing trend in electronics is to have them integrate with your home network in order to provide potentially useful features like automatic updates or to extend the usefulness of existing technologies such as door locks you can open and close from anywhere in the world. What this means for us as security professionals or even just as people living in a world of network-connected devices is that being compromised poses greater risk than before.

Once upon a time, a compromise only meant your data was out of your control. Today, it can enable control over the physical world resulting in discomfort, covert audio/video surveillance, physical access or even personal harm. If your door lock or space heater are compromised, you're going to have a very bad day. This talk will discuss the potential risks posed by network-attached devices and even demonstrate new attacks against products on the market today.

Presenters:

• David Bryan / VideoMan   as David Bryan
  David has more then 10 years of computer security experience, including pentesting, consulting, engineering, and administration. As an active participant in the information security community, he volunteers at DEFCON, where he designs and implements the firewall and network for what is said to be the most hostile network environment in the world. In his spare time he runs the local DEFCON group, DC612, is the president of The Hack Factory, and helps to run Thotcon as an OPER.
• Daniel Crowley / unicornFurnace - Trustwave - SpiderLabs   as Daniel Crowley
  Daniel is a Managing Consultant for Trustwave's SpiderLabs team. Daniel has developed configurable testbeds such as SQLol, XSSmh and XMLmao for training and research regarding specific vulnerabilities. Daniel has been working in the information security industry since 2004 and is a frequent speaker at conferences including DEFCON, Shmoocon, and SOURCE.
• Jennifer Savage / savagejen - Tabbedout   as Jennifer Savage
  Jennifer is a software engineer that cares about secure development. In her professional life, she has been tackling some of the harder questions surrounding security and privacy in the mobile payments industry. In her spare time, she has been hacking home electronics.

Links:

• https://www.blackhat.com/us-13/archives.html#Crowley
• https://infocon.org/cons/Black Hat/Black Hat USA/Black Hat USA 2013/video/Black Hat 2013 - Home Invasion v2.0 - Attacking Network-Controlled Hardware.mp4
• https://www.youtube.com/watch?v=PSRPE49lGYw
• https://media.blackhat.com/us-13/US-13-Crowley-Home-Invasion-2-0-Slides.pdf
• https://media.blackhat.com/us-13/US-13-Crowley-Home-Invasion-2-0-WP.pdf
• https://media.blackhat.com/us-13/US-13-Crowley-HomeInvasion2-0-Source-Code.zip

Similar Presentations:

• DEF CON 21 (2013) / Home Invasion 2.0 - Attacking Network-Controlled Consumer Devices
• ToorCon San Diego 18 (2016) / Let's Get Physical: Network Attacks Against Physical Security Systems
• DEF CON 24 (2016) / Let's Get Physical: Network Attacks Against Physical Security Systems