Untwining Twine

Presented at Black Hat USA 2013, July 31, 2013, 3:30 p.m. (60 minutes)

Over 14 years ago, Kevin Ashton was the first to coin the term "internet of things," and pointed out that data on the Internet is mostly created by humans. Things have changed considerably since 1999 - Lou Bega's Mambo No. 5 is no longer on the radio, many appliances ship with embedded systems that can be remotely monitored, and the smart home is something we're all excited for and terrified of.

Twine is a consumer device that provides remote environmental monitoring through a variety of sensors, such as moisture, temperature, vibration, etc... We will discuss our analysis of Twine, and will lead you through the steps taken to understand what's going on under the hood of a "black box" device. The audience will be introduced to the challenges faced, and to the different approaches that can be leveraged to understand (and exploit!) embedded devices (the fridge that tweets and similar devices). Topics include: capturing traffic on a non-proxy aware device, obtaining and reverse engineering the firmware, analyzing opaque binary traffic, emulating a Twine device and gaining console access via the debug serial port.

Presenters:

• Anson Gomes - iSEC Partners Inc.
  Anson Gomes is a security consultant/researcher at iSEC Partners, an information security firm specializing in application, network, and mobile security. At iSEC, Anson specializes in network and application security testing and has been tasked with a wide variety of engagements. Prior to working at iSEC, Anson graduated with a M.S. in Computer Science from NYU:Polytechnic.
• Jon Chittenden - iSEC Partners
  Prior to his employment with iSEC, Jonathan worked for the Air Force as a civilian. His roles consisted of reverse engineering malware for both signature and exploitation development. This experience enabled Jonathan to be comfortable working at a low-level with unknown protocols and binaries. During this time, he also assisted in the development of an open-source intelligence application to be used to identify indicators of compromise. During his employment with iSEC Partners, Jonathan has been tasked with a variety of engagements. Of which his memorable projects include code reviewing custom kernel modules to be used for virtualization and reverse engineering Android applications. Jonathan has also collaborated and presented on a tool called AWS Scout. Scout helps automate security assessments of several Amazon Web Services. The tool was showcased at Black Hat USA 2012 Arsenal and OWASP AppSec 2012 conference. Jonathan graduated with a M.S. in Cyber Security from NYU:Polytechnic and a BBA in Infrastructure Assurance and Information Security from UTSA.

Links:

• https://www.blackhat.com/us-13/archives.html#Chittenden
• https://infocon.org/cons/Black Hat/Black Hat USA/Black Hat USA 2013/video/Black Hat 2013 - Untwining Twine.mp4
• https://www.youtube.com/watch?v=7_SwfToh0I8

Similar Presentations:

• BSidesLV 2016 / How to securely build your own IoT enabling embedded systems: from design to execution and assessment
• Black Hat USA 2015 / Using Static Binary Analysis to Find Vulnerabilities and Backdoors in Firmware
• 44CON 2019 / Making something out of something