GoPro or GTFO: A Tale of Reversing an Embedded System

Presented at DEF CON 21 (2013), Aug. 3, 2013, 5 p.m. (20 minutes)

Embedded systems are shrinking in size and becoming widely used in many consumer devices. High quality optic sensors and lenses are also shrinking in size. The GoPro Hero 3 camera leverages high quality camera equipment with multiple embedded operating systems to offer not only great imagery, but an interesting platform to explore and understand.

We'll explore the hardware used in the device to handle imaging, networking, and other I/O. We will disect the camera software, giving the audience a look at how the camera functions. We will explain the multiple layers of software running on the device, and show attack surfaces exposed to attackers.

We will present ways to turn the GoPro into a remote audio/video bug. We'll present some interesting ways to interface existing software with the AV capabilities, and present a library to control the device remotely.

Presenters:

• Zach Lanier - Senior Research Consultant, Accuvant Labs
  Zach Lanier (@quine) is a Senior Research Consultant with Accuvant LABS, specializing in network, mobile and web application security. Prior to joining Accuvant LABS, Lanier served as Security Researcher with Veracode, and Principal Consultant with Intrepidus Group. He has spoken at a variety of security conferences, including Black Hat, INFILTRATE, ShmooCon, and SecTor, and is a co-author of the upcoming "Android Hacker's Handbook".
• Todd Manning - Senior Research Consultant, Accuvant Labs
  Todd Manning (@tmanning) is a research consultant at Accuvant Labs where he is focused on reverse engineering and vulnerability discovery on a wide range of platforms including mobile, smart grid, and network security equipment. His independent research covers topics involving reverse engineering of the code, file formats, and protocols used in various consumer products. He was previously Manager of Security Research at BreakingPoint Systems. He's an avid stand-up paddleboarder, a volunteer with his local school district, and frequent participant in the Austin Hackers Association.

Links:

• https://defcon.org/html/defcon-21/dc-21-speakers.html#Manning
• https://infocon.org/cons/DEF CON/DEF CON 21/DEF CON 21 video and slides/DEF CON 21 - Todd Manning and Zach Lanier - GoPro or GTFO A Tale of Reversing an Embedded System - Video and Slides.mp4 (Video and Slides)
• https://www.youtube.com/watch?v=nofJJoj5iys

Similar Presentations:

• DEF CON 17 (2009) / A Low Cost Spying Quadrotor for Global security Applications Using Hacked Commercial Digital Camera
• DEF CON 27 (2019) / Say Cheese - How I Ransomwared Your DSLR Camera
• DEF CON 18 (2010) / Exploiting Digital Cameras