hands on security for diy projects
play

Hands-on security for DIY projects A. Cervoise - PowerPoint PPT Presentation

Jan 06, 2023 •16 likes •976 views

Hands-on security for DIY projects A. Cervoise antoine.cervoise@gmail.com July 6, 2016 RMLL Sec 2016 1 / 96 Summary Introduction Who am I? IoT DIY IoT Bad examples (I played with) Control points RMLL Sec 2016 2 / 96 Antoine -

  1. Hands-on security for DIY projects A. Cervoise antoine.cervoise@gmail.com July 6, 2016 RMLL Sec 2016 1 / 96

  2. Summary Introduction Who am I? IoT DIY IoT Bad examples (I played with) Control points RMLL Sec 2016 2 / 96

  3. Antoine - @acervoise ◮ Pentester at NTT (Com) Security FR ◮ @ Univershell ◮ @Fabelier Paris ◮ Cigars smoker ◮ Music lover RMLL Sec 2016 3 / 96

  4. Who am I? Current projects ◮ Hardware password bruteforce ◮ IoT/DIY vulnerability research ◮ Control cigars cave humidity with Arduinos ◮ LeakyStorage: USB key with Wi-Fi ◮ Having fun with WebDev RMLL Sec 2016 4 / 96

  5. Summary Introduction Who am I? IoT DIY IoT Bad examples (I played with) Control points RMLL Sec 2016 5 / 96

  6. Internet of Things The internet of things (IoT) is the network of physical devices, vehicles, buildings and other itemsembedded with electronics, software, sensors, actuators, and network connectivity that enable these objects to collect and exchange data. Source: Wikipedia https://en.wikipedia.org/wiki/Internet of things RMLL Sec 2016 6 / 96

  7. Internet of Things RMLL Sec 2016 7 / 96

  8. Internet of Things RMLL Sec 2016 8 / 96

  9. Internet of Threats Pownable ◮ Fast development process ◮ People with hardware background, not software ◮ Security is done at the end (if there is still some times) RMLL Sec 2016 9 / 96

  10. Internet of Threats https://blog.kaspersky.com/blackhat-jeep-cherokee-hack-explained/9493/ RMLL Sec 2016 10 / 96

  11. Internet of Threats https://www.pentestpartners.com/blog/steal-your-wi-fi-key-from-your-doorbell-iot-wtf/ RMLL Sec 2016 11 / 96

  12. Internet of Threats http://www.bbc.com/news/technology-35232469 RMLL Sec 2016 12 / 96

  13. Internet of Threats RMLL Sec 2016 13 / 96

  14. Internet of Threats RMLL Sec 2016 14 / 96

  15. Internet of Things RMLL Sec 2016 15 / 96

  16. Internet of Threats RMLL Sec 2016 16 / 96

  17. Internet of Threats RMLL Sec 2016 17 / 96

  18. Notre attaque $ ls SmartDeal/u/aly aa.java ai.java ap.java ax.java bf.java bm.java ab.java a.java aq.java ay.java bg.java bn.java ac.java aj.java ar.java az.java bh.java bo.java ad.java ak.java as.java ba.java bi.java bp.java ae.java al.java at.java bb.java b.java bq.java af.java am.java au.java bc.java bj.java br.java ag.java an.java av.java bd.java bk.java bs.java ah.java ao.java aw.java be.java bl.java bt.java RMLL Sec 2016 18 / 96

  19. Notre attaque $ cat SmartDeal/u/aly/ap.java public static ap a(int paramInt) { switch (paramInt) { default: return null; case 0: return a; case 1: return b; } return c; } RMLL Sec 2016 19 / 96

  20. Internet of Threats https://www.virustotal.com/fr/file/fa789cd6357e1bb2ac84e55dd7c36a2691d5a603132b0716bd3b9d4f4fe6e630/analysis /1466692733/ RMLL Sec 2016 20 / 96

  21. Internet of Threats RMLL Sec 2016 21 / 96

  22. Internet of Threats RMLL Sec 2016 22 / 96

  23. Summary Introduction Who am I? IoT DIY IoT Bad examples (I played with) Control points RMLL Sec 2016 23 / 96

  24. DIY IoT Not the subject Commercial product with ◮ Central controller ◮ Hardware modules ◮ Smartphone apps RMLL Sec 2016 24 / 96

  25. DIY IoT RMLL Sec 2016 25 / 96

  26. DIY IoT http://makezine.com/2015/11/20/build-your-own-arduino-weather-station/ RMLL Sec 2016 26 / 96

  27. DIY ”ICS” Let’s brew beer ◮ Control beer process ◮ Industrials use ICS (Industrial Control System) ◮ Homebrewers use BrewPi RMLL Sec 2016 27 / 96

  28. DIY ”ICS” Siemens ICS for Brasserie de Meaux RMLL Sec 2016 28 / 96

  29. DIY ”ICS” BrewPi ◮ Hack a fridge ◮ Solder BrewPi ◮ Assembly case ◮ Install software RMLL Sec 2016 29 / 96

  30. DIY ”ICS” BrewPi (without authentication) web interface Pull request for authentication by nzjoel1234: https://github.com/BrewPi/brewpi-www/pull/61 RMLL Sec 2016 30 / 96

  31. DIY IoT Bad examples through ◮ Blogs ◮ Magazines ◮ Vendors And control points to improve your DIY projects RMLL Sec 2016 31 / 96

  32. Summary Introduction Bad examples (I played with) Network Remote control / Authentication Case App Cloud Control points RMLL Sec 2016 32 / 96

  33. Let’s add network Example ◮ Ethernet ◮ Wi-Fi ◮ Using USB RMLL Sec 2016 33 / 96

  34. Ethernet shield RMLL Sec 2016 34 / 96

  35. Ethernet shield Problems ◮ HTTPS not supported ◮ HTTP server: Developers generally do not implement authentication ◮ TCP/IP stack allowing IDLE Scan ◮ Weird behaviour as a server? RMLL Sec 2016 35 / 96

  36. Ethernet shield # hping3 -SA 192.168.100.2 -p 80 -c 1 HPING 192.168.100.2 (eno1 192.168.100.2): SA set, 40 headers + 0 data bytes len=46 ip=192.168.100.2 ttl=128 DF id=5 sport=80 flags=SA seq=0 win=2048 rtt=3.9 ms --- 192.168.100.2 hping statistic --- 1 packets transmitted, 1 packets received, 0% packet loss RMLL Sec 2016 36 / 96

  37. Ethernet shield # hping3 -c 5 -p 80 192.168.100.2 HPING 192.168.100.2 (eno1 192.168.100.2): NO FLAGS are set, 40 headers + 0 data bytes len=46 ip=192.168.100.2 ttl=128 DF id=6 sport=80 flags=R seq=0 win=0 rtt=3.9 ms len=46 ip=192.168.100.2 ttl=128 DF id=7 sport=80 flags=R seq=1 win=0 rtt=3.8 ms len=46 ip=192.168.100.2 ttl=128 DF id=8 sport=80 flags=R seq=2 win=0 rtt=3.8 ms len=46 ip=192.168.100.2 ttl=128 DF id=9 sport=80 flags=R seq=3 win=0 rtt=3.8 ms len=46 ip=192.168.100.2 ttl=128 DF id=10 sport=80 flags=R seq=4 win=0 rtt=3.7 ms RMLL Sec 2016 37 / 96

  38. Ethernet shield Having fun ◮ MiTM ◮ nmap ◮ Nessus RMLL Sec 2016 38 / 96

  39. Wi-fi https://startingelectronics.org/tutorials/arduino/ethernet-shield-web-server-tutorial/web-server-LED-control/ RMLL Sec 2016 39 / 96

  40. Ethernet shield Having fun ◮ MiTM: it works ◮ nmap: it works ◮ Nessus: it works but... RMLL Sec 2016 40 / 96

  41. Ethernet shield First scan: classic policy RMLL Sec 2016 41 / 96

  42. Ethernet shield Second scan: customized policy RMLL Sec 2016 42 / 96

  43. Ethernet shield After Nessus ◮ MCU was hot ◮ Arduino program was not loading ◮ Arduino worked back after re-uploading the sketch RMLL Sec 2016 43 / 96

  44. Wi-Fi RMLL Sec 2016 44 / 96

  45. Wi-Fi Problems ◮ As for the Ethernet Shield (not tried yet) ◮ Store a (your?) Wi-Fi key RMLL Sec 2016 45 / 96

  46. Wi-Fi Read the ihex $ cd arduino-1.6.9/hardware/tools/avr/bin $ ./avrdude_bin -p m328p -P /dev/ttyACM0 -c arduino -U flash:r:unicorn-diy-project.hex:i -C ../etc/avrdude.conf Convert to bin RMLL Sec 2016 46 / 96

  47. Notes about avrdude Use -C option $ cd arduino-1.6.9/hardware/tools/avr/bin $ ./avrdude_bin -p m328p -P /dev/ttyACM0 -c arduino -U flash:r:unicorn-diy-project.hex:i avrdude: can’t open config file "/home/jenkins/jenkins/ jobs/toolchain-avr-linux64/ workspace/objdir/etc/ avrdude.conf": No such file or directory avrdude: error reading system wide configuration file " /home/jenkins/jenkins/ jobs/toolchain-avr-linux64/ workspace/objdir/etc/avrdude.conf" RMLL Sec 2016 47 / 96

  48. Notes about avrdude Extracted file is Intel HEX format, conversion to bin import bincopy f = bincopy.File() with open("unicorn-diy-project.hex", "r") as fin: f.add_ihex(fin) print f.as_binary() https://pypi.python.org/pypi/bincopy RMLL Sec 2016 48 / 96

  49. Wi-Fi $ strings unicorn-diy-project.bin !P1 /_?O N__Oa /_?O N__Oa f’x/ [...] yourHiddenKey yourSSID Attempting to connect to WPA network... Couldn’t get a wifi connection RMLL Sec 2016 49 / 96

  50. Wi-Fi When uploading a new program, flash is not fully erased RMLL Sec 2016 50 / 96

  51. Wi-Fi bin file reprogrammed bin file !P1 !P1 /_?O /_?O N__Oa N__Oa /_?O /_?O N__Oa N__Oa f’x/ f’x/ [...] [...] yourHiddenKey yourHiddenKey yourSSID yourSSID Attempting to connect Attempting to connect to to WPA network... WPA network... Couldn’t get a wifi Couldn’t get a wifi connection connection RMLL Sec 2016 51 / 96

  52. Let’s full memory RMLL Sec 2016 52 / 96

  53. Protection This may be bypass using Goodfet http://electronics.stackexchange.com/questions/53282/protecting-avr-flash-from-reading-through-isp RMLL Sec 2016 53 / 96

  54. ”Free” network ”shield” A computer using Processing http://playground.arduino.cc/Interfacing/Processing RMLL Sec 2016 54 / 96

  55. ”Free” network ”shield” Example - Connected light bulb ◮ From: Getting Started with Arduino: The Open Source Electronics Prototyping Platform (Make) ◮ Changing bulb color depending of peace, love and arduino words occurency on a blog ◮ Internet access through serial with Processing RMLL Sec 2016 55 / 96

  56. ”Free” network ”shield” Problems ◮ Do not let default pi accounts ◮ On Linux users need to be in dialout group RMLL Sec 2016 56 / 96

  57. ”Free” network ”shield” Do not sudo processing Do sudo usermod -a -G dialout YouUsername RMLL Sec 2016 57 / 96

  58. Summary Introduction Bad examples (I played with) Network Remote control / Authentication Case App Cloud Control points RMLL Sec 2016 58 / 96

  59. Remote control/Authentication Example ◮ Infra Red ◮ Radio ◮ RFID RMLL Sec 2016 59 / 96

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Hands-On Network Security: Practical Tools & Methods Security Training Course Dr. Charles J.

Hands-On Network Security: Practical Tools & Methods Security Training Course Dr. Charles J.

Hands-On Network Security: Practical Tools & Methods Security Training Course Dr. Charles J. Antonelli The University of Michigan 2012 Hands-On Network Security Module 6 Firewalls & VPNs Topics Firewall Fundamentals Case

881 views • 51 slides
Hands-On Network Security: Practical Tools & Methods Security Training Course Dr. Charles J.

Hands-On Network Security: Practical Tools & Methods Security Training Course Dr. Charles J.

Hands-On Network Security: Practical Tools & Methods Security Training Course Dr. Charles J. Antonelli The University of Michigan 2012 Hands-On Network Security Module 3 Network Protocol Attacks Roadmap Network security The

502 views • 39 slides
Hands-On Network Security: Practical Tools & Methods Security Training Course Dr. Charles J.

Hands-On Network Security: Practical Tools & Methods Security Training Course Dr. Charles J.

Hands-On Network Security: Practical Tools & Methods Security Training Course Dr. Charles J. Antonelli The University of Michigan 2012 Hands-On Network Security Module 1 Fundamental Tools Roadmap Review of generally useful tools

592 views • 35 slides
Hands-On Network Security: Practical Tools & Methods Security Training Course Dr. Charles J.

Hands-On Network Security: Practical Tools & Methods Security Training Course Dr. Charles J.

Hands-On Network Security: Practical Tools & Methods Security Training Course Dr. Charles J. Antonelli The University of Michigan 2012 Hands-On Network Security Module 4 Password Strength & Cracking Roadmap Password

750 views • 31 slides
Hands-On Network Security: Practical Tools & Methods Security Training Course Dr. Charles J.

Hands-On Network Security: Practical Tools & Methods Security Training Course Dr. Charles J.

Hands-On Network Security: Practical Tools & Methods Security Training Course Dr. Charles J. Antonelli The University of Michigan 2012 Hands-On Network Security Introduction Introduction Welcome to the course! Instructor: Dr.

678 views • 10 slides
Hands Overview Outline Existing hands Robot hands of the 80s Commercial hands Research

Hands Overview Outline Existing hands Robot hands of the 80s Commercial hands Research

Hands Overview Outline Existing hands Robot hands of the 80s Commercial hands Research hands Prosthetics Design issues Kinematics Compliance Sensing Actuation Control Robustness Evaluation Discussion Hands of the 80s Hirose

237 views • 22 slides
Security Hands-on @ Pavilion Automate Security Operations with Phantom & Splunk Splunk |

Security Hands-on @ Pavilion Automate Security Operations with Phantom & Splunk Splunk |

Security Hands-on @ Pavilion Automate Security Operations with Phantom & Splunk Splunk | Security Markets September 26 | Washington, DC The Leader in Security Automation & Orchestration Phantom Community Growing Larger Each Day

450 views • 8 slides
Security Hands-on @ Pavilion Stream + NetFlow for Security & Insider Threat Detection Kelly

Security Hands-on @ Pavilion Stream + NetFlow for Security & Insider Threat Detection Kelly

Security Hands-on @ Pavilion Stream + NetFlow for Security & Insider Threat Detection Kelly Feagans | Sales Engineering September 2017 | Washington, DC Objective OBJECTIVE Learn how to use NetFlow with the Splunk Stream Forwarder for

444 views • 20 slides
Lecture 08: When disaster strikes and all else fails Hands-on Unix system administration DeCal

Lecture 08: When disaster strikes and all else fails Hands-on Unix system administration DeCal

Lecture 08: When disaster strikes and all else fails Hands-on Unix system administration DeCal 2012-10-22 1 / 27 Projects groups of four people Projects Tools of the submit one form per group with trade Disasters proposed

291 views • 27 slides
Outline Existing hands Robot hands of the 80s Commercial hands Research hands Prosthetics

Outline Existing hands Robot hands of the 80s Commercial hands Research hands Prosthetics

Outline Existing hands Robot hands of the 80s Commercial hands Research hands Prosthetics Design issues Kinematics Compliance Sensing Actuation Control Robustness Evaluation Discussion Design Issues - Kinematics How many / which

561 views • 18 slides
Hacking Hands on with wireless LAN routers, packet capture and wireless security Organised by

Hacking Hands on with wireless LAN routers, packet capture and wireless security Organised by

Free Technology Workshop Hacking Hands on with wireless LAN routers, packet capture and wireless security Organised by Steven Gordon Bangkadi 3 rd floor IT Lab 10:30-13:30 Friday 18 July 2014 http://ict.siit.tu.ac.th/moodle/ _______

795 views • 48 slides
The iLab Experience a blended learning hands-on course concept you set the focus WWW Security /

The iLab Experience a blended learning hands-on course concept you set the focus WWW Security /

The iLab Experience a blended learning hands-on course concept you set the focus WWW Security / Your Exercise Topic Pitch 2018-05-8 10.4. Kick Off, IPv6 1 IPv6 BGP 17.4. 2 Minilab 1 2 mini labs Advanced Wireless Playground BGP 24.4.

646 views • 40 slides
Education at Ohio State The short story Hands-on projects involving networked sensor nodes in

Education at Ohio State The short story Hands-on projects involving networked sensor nodes in

Experiments in Sensing, Networking, and STEM Education at Ohio State The short story Hands-on projects involving networked sensor nodes in our introductory courses in networking and distributed computing since ~2003 Evolved from graduate to

277 views • 11 slides
Lecture 09: VMs and VCS head in the clouds Hands-on Unix system administration DeCal 2012-10-29

Lecture 09: VMs and VCS head in the clouds Hands-on Unix system administration DeCal 2012-10-29

Lecture 09: VMs and VCS head in the clouds Hands-on Unix system administration DeCal 2012-10-29 1 / 20 Projects groups of four people Projects Virtualization submit one form per group with OCF Head in the clouds usernames,

578 views • 20 slides
RFID attacks and proxmark hands-on @ KirilsSolovjovs +4fd9 About me Programming sysad

RFID attacks and proxmark hands-on @ KirilsSolovjovs +4fd9 About me Programming sysad

RFID attacks and proxmark hands-on @ KirilsSolovjovs +4fd9 About me Programming sysad networking IT security for the past 10+ y Owner and Lead Researcher at Possible Security Hacking and breaking things

946 views • 19 slides
BLOWING THE COVER: HANDS-ON ANALYSIS OF HANDCRAFTED ANDROID MALWARE Alex Reshetniak | September

BLOWING THE COVER: HANDS-ON ANALYSIS OF HANDCRAFTED ANDROID MALWARE Alex Reshetniak | September

BLOWING THE COVER: HANDS-ON ANALYSIS OF HANDCRAFTED ANDROID MALWARE Alex Reshetniak | September 26 2018 About Me Senior Security Researcher @ Lookout B.S. in Information Security More than 5 years working in Information Security

663 views • 31 slides
M2-01 M2-01a M2-01b Cuneiform Tablet of the Atrahasis Epic, including the story of the

M2-01 M2-01a M2-01b Cuneiform Tablet of the Atrahasis Epic, including the story of the

M2-01 M2-01a M2-01b Cuneiform Tablet of the Atrahasis Epic, including the story of the Flood M2-02 Relief of the Flood (from Shuppurak) M2-03 M1-56 The Ruins of the City of Kish M2-03a M2-03b The Ruins of the City of Nippur M2-04

544 views • 28 slides
M2-01a Noah and his sons M3-01 M1-86 M1- M2-58a M3-02 M1-56 M3-03 Cuneiform Library

M2-01a Noah and his sons M3-01 M1-86 M1- M2-58a M3-02 M1-56 M3-03 Cuneiform Library

M2-01a Noah and his sons M3-01 M1-86 M1- M2-58a M3-02 M1-56 M3-03 Cuneiform Library Ebla: M3-04 M2-01a Philistine Astarte Statuettes M3-05 Statuettes of Ishtar M3-06 Enheduanna Relief of M3-07 Relief of Enheduanna M3-08 M2-58a

627 views • 45 slides
ETHIOPIA ETHIOPIA David Mlchi GLOBAL NETWORKS SOLUTIONS AFRICA PLC University of Zurich. 27

ETHIOPIA ETHIOPIA David Mlchi GLOBAL NETWORKS SOLUTIONS AFRICA PLC University of Zurich. 27

Private Equity in ETHIOPIA ETHIOPIA David Mlchi GLOBAL NETWORKS SOLUTIONS AFRICA PLC University of Zurich. 27 th November 2015 www.gnsafrica.com david.muelchi@gnsafrica.com 1 WHY ETHIOPIA ? 2 WHY Ethiopia? 1. Stability and Security 2.

1.22k views • 14 slides
9 MultiFreedom Constraints I IFEM Ch 9 Slide 1 Department of Engineering Mechanics PhD.

9 MultiFreedom Constraints I IFEM Ch 9 Slide 1 Department of Engineering Mechanics PhD.

Department of Engineering Mechanics PhD. TRUONG Tich Thien Introduction to FEM 9 MultiFreedom Constraints I IFEM Ch 9 Slide 1 Department of Engineering Mechanics PhD. TRUONG Tich Thien Introduction to FEM Multifreedom Constraints

626 views • 16 slides
Maintaining Momentum After Tenure, or Avoiding the Now What? Syndrome Assorted Viewpoints

Maintaining Momentum After Tenure, or Avoiding the Now What? Syndrome Assorted Viewpoints

Maintaining Momentum After Tenure, or Avoiding the Now What? Syndrome Assorted Viewpoints Assembled by Sheila Hemami School of Electrical & Computer Engineering Cornell University S. S. Hemami-PAESMEM June 2004 Areas to Consider

118 views • 8 slides
7/29/2020 Complete your member profile at www.ndsccenter.org Keep uptodate with NDSC

7/29/2020 Complete your member profile at www.ndsccenter.org Keep uptodate with NDSC

7/29/2020 Complete your member profile at www.ndsccenter.org Keep uptodate with NDSC get our ENews, Policy & Advocacy Newsline, Action Alerts, and more Stay tuned for our Fall Learning Series, with options for

370 views • 19 slides
W.A.L. to write a newspaper report Today we are going to write the first half our newspaper report

W.A.L. to write a newspaper report Today we are going to write the first half our newspaper report

Tues write a newspaper report.notebook October 19, 2020 W.A.L. to write a newspaper report Today we are going to write the first half our newspaper report about the incident which happened to Auggie at the Nature Reserve. Words you may need

247 views • 3 slides
TREC Deep Learning Track Nick Craswell (Microsoft), Bhaskar Mitra (Microsoft and UCL), Emine Yilmaz

TREC Deep Learning Track Nick Craswell (Microsoft), Bhaskar Mitra (Microsoft and UCL), Emine Yilmaz

TREC Deep Learning Track Nick Craswell (Microsoft), Bhaskar Mitra (Microsoft and UCL), Emine Yilmaz (UCL), Daniel Campos (Microsoft and UW) Deep Learning Track Deep models learn an intricate representation of a large-scale dataset Here:

443 views • 12 slides

More recommend