What happened to your home? IoT Hacking and Forensic with 0-day

Presented at TROOPERS17 (2017), March 20, 2017, 10:30 a.m. (Unknown duration).

Nowadays Internet of Things(IoT) technology is prevalent along with Machine Learning and Big Data. It is a technology that connects computerized objects through a network like internet and communicates information with each other. From the smart factory to make efficient manufacturing process, to the electric heater that has remotely controllable function, IoT technology applied almost every home appliances and industrial machinery.

But as many computerized objects emerged and connected to the internet, incidents and cyber terrors utilizing IoT devices have been rapidly grown. And when it comes to investigating the incidents and collecting cyber evidences, There are differences between the IoT forensic and usual digital forensic as much as the system environment differences between the IoT devices and PCs and Servers. Also Limitation that never be seen in the digital forensic exists.

In this talk, We cover how to hack or exploit to IoT devices(Home electric appliances) and the IoT forensic including collecting the evidences in the IoT devices that damaged or utilized for cyber terror, extracting artifacts(i.e., log files) from the IoT devices infected by malware through the IoT forensic, and analyzing the attacker's invasion pathway remaining integrity of the evidence files extracted from the IoT devices.

And we will introduce not only 0-day vulnerabilities with exploits and useful tools developed by ourselves for the IoT forensic but also discuss the limitation of the IoT forensic. We have researched and exploited to one of home electric appliances(robot cleaner) made by a global electronic company (Probably you know which company it is).


Presenters:

  • Soohyun Jin
    Soohyun, he is not only a researcher in hacking and security academy called ‘Best of the Best(a.k.a BoB)', but also leader of digital forensic researching group in South Korea. These days, he researching exploit technique and forensic technique for home electric appliances.
  • Moonbeom Park
    Moonbeom, he is a deputy general researcher in TTPA(Trusted Third Party Agency) of Korea, has 10 years of experience in hacking analysis, digital forensic, research on hacking and forensic for IoT device, profiling hacking source. He is one of experts among government and private sector in fields of forensic, hacking analysis, hacker profiling, counter-attack on hackers. Also he has participated in various international security conference such as TROOPERS16, Hack In The Box, HITCON, Ekoparty, VXCON and RedPill.

Links:

Similar Presentations: