Network Exploitation of IoT Ecosystems

Presented at LayerOne 2019, May 25, 2019, 1 p.m. (60 minutes).

Internet of Things (IoT) ecosystems are comprised of a large variety of connected devices that are rife with “smart” features and textbook vulnerabilities. With the advent of ever growing interconnection and interoperability of all these devices, protocols that focus on automation have been developed throughout the years. These often assume an environment with cooperating participants – something that rarely happens in the real world. The fast market pace also leads manufacturers to marginalize security as having low return on investment. IoT devices are usually embedded with low-energy and low processing capabilities, deprioritizing security robustness as a result. All of the above combined make for ecosystems with lots of inherent weaknesses. In this talk we are going to present techniques and attacks on network protocols and insecure implementations commonly found in IoT ecosystems. We are going to explore how penetration testers can abuse zeroconf networking protocols like UPnP, mDNS, WS-Discovery and others to conduct a variety of attacks and how to combine a chain of seemingly lower risk findings into an impactful attack. Other IoT security angles will be explored as well: from the default insecurity of video streaming protocols like RTP, heavily used by networked cameras, to the growing usage of IPv6 and what that entails in terms of the security posture of the IoT world.


Presenters:

  • Fotios “Fotis” Chantzis
    Fotis (@ithilgore) Chantzis is a principal information security engineer at Mayo Clinic, where he manages and conducts technical vulnerability assessments on medical devices and clinical support systems as well as penetretation tests and red team engagements on the network. Fotis has over 10 years of experience in the information security industry, which includes time spent researching network protocol vulnerabilities and developing security tools. He has been a contributor to the Nmap project since 2009, when he wrote the Ncrack network authentication cracking tool, which he still maintains, and has published a video course on “Mastering Nmap”. His research on network security includes exploiting the TCP Persist Timer (published on Phrack #66) and inventing a new stealthy port scanning technique by abusing the popular XMPP. His most recent research focus has been on medical device & IoT security.

Links:

Similar Presentations: