IoT on Easy Mode

Presented at BSides Austin 2016, April 1, 2016, 2 p.m. (60 minutes)

Abstract: As technology matures we are seeing a trend of products that are now "smart." The problem is that seeing unfamiliar hardware intimidates some people from digging into these devices to find the flaws that could be taken advantage of. This talk is to show people how easy it really is to get into embedded device hacking while also expanding their knowledge outside of the x86/x86_64 space. By the end of this talk the audience will be encouraged to go out and start their journey into the embedded device world while having the tools that they need without having to spend money unless absolutely necessary. This talk will also cover the reasoning behind purchasing products such as a logic analyzer and the bricks walls I personally went through to justify the needs. Full Description: This talk will go over the following: How all of this research got started, the critical vulnerabilities I personally discovered in modern devices, the challenges and failures I personally had with techniques like blind fuzzing, the challenges I had with not having the knowledge or funds to get into hardware hacking, figuring out how to build an exploit for a vulnerability without the need of a remote debugger, how to get started into hardware hacking once you've exhausted all means on the software side of things, how to build an effective but cheap IoT hacking lab, how to cross compile and disassemble applications to quickly figure out CPU archs that a person may be unfamiliar with, discussion of the open source project "Damn Vulnerable Router Firmware", and how to put this all together quickly so everyone can start finding vulnerabilities in the products they own.

Presenters:

• Elvis Collado
  Elvis Collado is a Security Researcher for Praetorian with a primary focus in embedded devices. Elvis got into embedded device hacking ever since he discovered his first critical vulnerabilities in some of the devices he personally owned. He decided to migrate his research from the desktop space to the embedded space and wants to share what he has learned throughout his journey in hopes of inspiring people to dig into embedded devices as well.

Links:

• https://bsidesaustin2016.sched.com/event/6Dso/iot-on-easy-mode

Similar Presentations:

• 30C3 (2013) / An introduction to Firmware Analysis: Techniques - Tools - Tricks
• DEF CON 17 (2009) / Hardware Black Magic - Building devices with FPGAs
• BSidesSF 2016 / IoT on Easy Mode (Reversing Embedded Devices)