There is a latent distrust of the growing "Internet of Things" market. The data these devices collect is becoming more personal, all while the proliferation of internet-connected devices continues without regard to privacy or security. Recent news stories have consumers concerned not only with privacy but also with surveillance and data handling. There is no trusted third-party "consumer advocacy" for the privacy and security of mobile apps and embedded systems. The designs of these systems make traditional software-based security (like "anti-virus" or "end-point detection") virtually impossible. And if you don't think this is going to be a huge problem: recent research demonstrates that a significant number of the nodes used in CURRENT DDoS attacks are actually compromised embedded devices, NOT user end-points. So, the shift has already begun.

The "internet of things" is not just newfangled consumer devices, however. I'll talk a bit about this and a recurring trend we see in these network-enabled embedded systems: something we call the "uncanny valley" that gives rise not only to vulnerabilities but also to huge tools gaps for software and hardware security research. This talk will catalog some of our experiences at Xipiter exploiting these kinds of embedded systems, from trivial "exploitation" to the more advanced hardware exploitation and binary exploitation techniques. We'll talk about how we've applied these techniques to everything from Payment systems and Game Consoles to more esoteric devices like Gaming systems (lottery, casino, etc.) and Industrial Control Systems. We'll also talk about the custom hardware we've developed (and sell to researchers at http://int3.cc) to help us with this stuff, which also demonstrates the "tools gap".