Weaponizing your Coffee Pot

Presented at DerbyCon 3.0 All in the Family (2013), Sept. 29, 2013, 11 a.m. (50 minutes).

As SoC price continue to drop and their implementation continues to rise, connected “appliances” (Internet of Things)will be become an attractive avenue for cyber criminals. Due to the fact they provide no traditional feedback (monitor) or input (mouse/keyboard) If one were able to compromise an embedded host it would be the perfect vantage point for a MITM attack or a beachhead to launch other attacks. I plan to guide you through some of the steps from initial reconnaissance to building binaries for different architectures. Then end goal being to take over the host without breaking designed functionality (stealthy), being able to run third party binaries at start (lethal), and surviving basic removal techniques (persistent) aka weaponizing. As part of this walkthrough I will be guiding you through the exploitation of the Belkin WeMo light switch appliance.

PoC of home automation gone bad: http://www.youtube.com/watch?v=BcW2q0aHOFo


Presenters:

  • Daniel Buentello
    I was previously a network engineer who would dabble in security from time to time. I changed paths and now enjoy doing infosec work for a living. In my spare time I perform research in the areas which interest me (primarily embedded hardware). I like to take a humble approach (any of assumptions I make are disregarded) which usually leads me down creative avenues of attacks.

Links:

Similar Presentations: