Into The Core - In-Depth Exploration of Windows 10 IoT Core

Presented at Black Hat USA 2016, Aug. 3, 2016, 3 p.m. (50 minutes).

The Internet of Things is becoming a reality, and more and more devices are being introduced into the market every day. With this, the demand for technology that would ease device management, improve device security, and facilitate data analytics increases as well.

One such technology is Windows 10 IoT Core, Microsoft's operating system aimed at small footprint, low cost devices. It offers device servicing and manageability, enterprise grade security, and - combined with Microsoft's Azure platform - data analytics in the cloud. Given these features, Microsoft Windows 10 IoT Core will likely play a significant role in the future of IoT. As such, understanding how this operating system works on a deep level is becoming important. Methods and techniques that would aid in assessing its security are also becoming essential.

In this talk I will first discuss the internals of the OS, including the security features and mitigations that it shares with the desktop edition. I will then enumerate the attack surface of a device running Windows 10 IoT Core as well as its potential susceptibility to malware. I will also talk about methods to assess the security of devices running Windows 10 IoT Core such as static/dynamic reverse engineering and fuzzing. I will end the talk with some recommendations on how to secure a Windows 10 IoT Core device.


Presenters:

  • Paul Sabanal - IBM Security X-Force
    Paul Sabanal is a Security Researcher on IBM Security's X-Force Advanced Research Team. He has more than 15 years of experience in computer security and mainly focuses on reverse engineering and vulnerability research. He has previously presented at conferences such as Blackhat and Hack In The Box on a variety of topics such as reverse engineering, sandbox vulnerabilities, and mobile security. His main research interests these days are in protection technologies, mobile malware, and IoT security.

Links:

Similar Presentations: