GoPro or GTFO: A Tale of Reversing an Embedded System

Presented at DEF CON 21 (2013), Aug. 3, 2013, 5 p.m. (20 minutes).

Embedded systems are shrinking in size and becoming widely used in many consumer devices. High quality optic sensors and lenses are also shrinking in size. The GoPro Hero 3 camera leverages high quality camera equipment with multiple embedded operating systems to offer not only great imagery, but an interesting platform to explore and understand.

We'll explore the hardware used in the device to handle imaging, networking, and other I/O. We will disect the camera software, giving the audience a look at how the camera functions. We will explain the multiple layers of software running on the device, and show attack surfaces exposed to attackers.

We will present ways to turn the GoPro into a remote audio/video bug. We'll present some interesting ways to interface existing software with the AV capabilities, and present a library to control the device remotely.


Presenters:

  • Todd Manning - Senior Research Consultant, Accuvant Labs
    Todd Manning (@tmanning) is a research consultant at Accuvant Labs where he is focused on reverse engineering and vulnerability discovery on a wide range of platforms including mobile, smart grid, and network security equipment. His independent research covers topics involving reverse engineering of the code, file formats, and protocols used in various consumer products. He was previously Manager of Security Research at BreakingPoint Systems. He's an avid stand-up paddleboarder, a volunteer with his local school district, and frequent participant in the Austin Hackers Association.
  • Zach Lanier - Senior Research Consultant, Accuvant Labs
    Zach Lanier (@quine) is a Senior Research Consultant with Accuvant LABS, specializing in network, mobile and web application security. Prior to joining Accuvant LABS, Lanier served as Security Researcher with Veracode, and Principal Consultant with Intrepidus Group. He has spoken at a variety of security conferences, including Black Hat, INFILTRATE, ShmooCon, and SecTor, and is a co-author of the upcoming "Android Hacker's Handbook".

Links:

Similar Presentations: