Solving the (in)security of home networked devices

Presented at VB2015, Oct. 1, 2015, 9 a.m. (30 minutes)

In the past few years, there has not been a *VB* conference without a talk about someone hacking the devices they have at home. Be they routers, NAS-es or 'smart' TVs, there is always one thing in common - the vendors ignore the problems and refuse to patch their products. We are developing an automated vulnerability scanner intended to test devices without our code running on them. The intention is to educate users about the misconfigurations and vulnerabilities that are detectable from another device in the network. Integrating such a scanner into consumer AV brings home network security to a new level and increases user awareness of those issues. We will present the technology and the challenges we faced on the way towards accomplishing this goal via maximizing the impact of even the simplest vulnerability scans. A single researcher reporting an issue is simply not enough pressure to affect manufacturers' decisions. But what if we could make millions of users report the problem to their vendors or start replacing their devices with more secure ones?

Presenters:

• Martin Smarda - Avast Software
  Martin Smarda Martin Smarda is a member of AVAST Software's Virus Lab where he has worked as a malware analyst since the spring of 2012. A year after joining AVAST he graduated with honours and received his Master's degree in systems programming from the Czech Technical University in Prague. He loves low-level programming and understanding how things work inside. Therefore he strives for new experiences and knowledge in many different fields. Currently, his primary focus is on fighting Windows malware and on developing tools for automating it. His life outside the world of computers consists of working for his family's farm, riding horses and educating people in an environmentally-friendly lifestyle.
• Pavel Sramek - Avast Software
  Pavel Sramek Pavel Sramek joined AVAST Software's Virus Lab as a malware analyst in early 2012 and received his Master's degree in systems programming after graduating with honours from the Czech Technical University in Prague the following year. During his studies, he was always fascinated by the magic of low-level programming, which quickly grew into an interest in reverse engineering. Although dealing mostly with Windows malware, he prefers a versatile approach to his work, mixing reversing with writing custom automation tools and never focusing at one particular area for too long. When not sitting in front of a computer monitor, he enjoys traveling around the world, photography and alpine skiing.

Links:

• https://www.virusbulletin.com/conference/vb2015/abstracts/solving-security-home-networked-devices
• https://www.virusbulletin.com/uploads/pdf/conference_slides/2015/SramekSmarda-VB2015.pdf
• https://www.virusbulletin.com/virusbulletin/2016/12/vb2015-paper-solving-security-home-networked-devices/

Similar Presentations:

• TROOPERS16 (2016) / How easy to grow robust botnet with low hanging fruits (IoT) - for free
• May Contain Hackers (MCH2022) / A Smart Light Hacking Journey
• ToorCon San Diego 17 (2015) / The Consumerization of Home Insecurity