Let's Talk About SOAP, Baby. Let's Talk About UPNP

Presented at DEF CON 23 (2015), Aug. 9, 2015, 2 p.m. (60 minutes).

Whether we want it to be or not, the Internet of Things is upon us. Network interfaces are the racing stripes of today's consumer device market. And if you put a network interface on a device, you have to make it do something right? That's where a Simple Object Access Protocol (SOAP) service comes in. SOAP services are designed with ease-of-access in mind, many times at the expense of security. Ludicrous amounts of control over device functionality, just about every category of vulnerability you can think of, and an all-around lack of good security practice about sums it up. In this talk, I will discuss this growing attack surface, demonstrate different methods for attacking/fuzzing it, and provide plenty of examples of the many dangers of insecure SOAP/ UPnP interfaces on embedded and "smart" devices along the way.

Presenters:

• Ricky Lawshae / HeadlessZeke - Security Researcher, HP TippingPoint   as Ricky "HeadlessZeke" Lawshae
  Ricky "HeadlessZeke" Lawshae is a Security Researcher for DVLabs at HP TippingPoint with a medium-sized number of years' experience in professionally voiding warranties. He has spoken at the DEF CON, Recon, Insomni'hack, and Ruxcon security conferences, and is an active participant in the extensive Austin, TX hacker community. In his meager spare time, he enjoys picking locks, reading comic books, and drinking expensive beers. Twitter: @HeadlessZeke

Links:

• https://defcon.org/html/defcon-23/dc-23-speakers.html#Lawshae
• https://infocon.org/cons/DEF CON/DEF CON 23/DEF CON 23 slides/DEF CON 23 - Ricky Lawshae - Lets Talk About SOAP Baby - Lets Talk About UPNP - Slides.mp4
• https://infocon.org/cons/DEF CON/DEF CON 23/DEF CON 23 video/DEF CON 23 - Ricky Lawshae - Lets Talk About SOAP Baby - Lets Talk About UPNP - Video.mp4
• https://infocon.org/cons/DEF CON/DEF CON 23/DEF CON 23 video and slides/DEF CON 23 - Ricky Lawshae - Lets Talk About SOAP Baby - Lets Talk About UPNP - Video and Slides.mp4 (Video and Slides)
• https://infocon.org/cons/DEF CON/DEF CON 23/DEF CON 23 slides/DEF CON 23 - Ricky Lawshae - Lets Talk About SOAP Baby - Lets Talk About UPNP - Slides.srt (subtitles)
• https://infocon.org/cons/DEF CON/DEF CON 23/DEF CON 23 video and slides/DEF CON 23 - Ricky Lawshae - Lets Talk About SOAP Baby - Lets Talk About UPNP - Video and Slides.srt (subtitles)
• https://infocon.org/cons/DEF CON/DEF CON 23/DEF CON 23 video/DEF CON 23 - Ricky Lawshae - Lets Talk About SOAP Baby - Lets Talk About UPNP - Video.srt (subtitles)
• https://www.youtube.com/watch?v=dT0b5DWq9b8

Similar Presentations:

• DEF CON 19 (2011) / UPnP Mapping
• REcon 2005 / Web Application Hacking
• 44CON 2019 / Making something out of something