Peakaboo - I own you: Owning hundreds of thousands of devices with a broken HTTP packet

Presented at Wild West Hackin' Fest 2017, Oct. 27, 2017, 4 p.m. (45 minutes).

Imagine that you've purchased your small a cheap IP security camera to feel just a little better with your own physical security. Now imagine that the people who designed that camera know nothing about secure programming, security or programming at all. Imagine that your precious camera can be hijacked into a botnet with only one broken HTTP packet. Now stop imagining. In the end of 2016, my fellow researcher Yoav Orot and I published our research paper about hundreds of thousands of white labeled IP security cameras being vulnerable to a simple attack that allows an attacker to gain complete control of the camera, including code execution as root without any ability to patch. Our research was published in dozens of website and was even covered by security blogger Brian Krebs. We did not publish any technical details yet since we had to wait for the vendor's answer. This talk will dive deeply into the product, our research process and into the vulnerabilities themselves. I will walk through all of the steps in our research (from hardware hacking to firmware dumping and just plain old reversing) and demo the exploits and explain, step by step, where the developers went wrong, what could have been done to avoid this situation and why this problem is so severe. There will be root shells, there will be exploits, there will be tears. Attendees of this talk will leave with some insights about IoT security and embedded device hacking.


Presenters:

  • Amit Serper - Cybereason
    Amit leads the security research at Cybereason's Boston HQ. He specializes in low-level, vulnerability and kernel research, malware analysis and reverse engineering on Windows, Linux and macOS. He also has extensive experience researching , reverse engineering, and exploiting IoT devices of various kinds. Prior to joining Cybereason, Amit spent nine years leading security research projects and teams for an Israeli government intelligence agency, specifically in embedded systems security (or lack of).

Links:

Similar Presentations: