SLIDE 1
The Internet of Vulnerabilities
Research Lead IoT | Rapid7
Research Lead (IoT) Rapid7
The Internet of Vulnerabilities Deral Heiland Research Lead IoT | - - PowerPoint PPT Presentation
The Internet of Vulnerabilities Deral Heiland Research Lead IoT | - - PowerPoint PPT Presentation
The Internet of Vulnerabilities Deral Heiland Research Lead IoT | Rapid7 Deral Heiland CISSP Research Lead (IoT) Rapid7 IoT Research Effective Methodology Functional Evaluation Device Reconnaissance Cloud & Web APIs Mobile & Control
SLIDE 2
SLIDE 3
IoT Research
SLIDE 4
SLIDE 5
Effective Methodology
Functional Evaluation Device Reconnaissance Cloud & Web APIs Mobile & Control Applications Network Physical Embedded hardware Inspection Physical Device Attacks Radio (RF)
SLIDE 6
IoT Hacking
SLIDE 7
A Few Fun Projects
Automated lighting solutions BLE tracking dongles Telepresence robots GPS Panic buttons
SLIDE 8
Automated Lighting
- Unencrypted Storage
- Poor Encryption
- Unauthenticated control
- Embedded Web Vulns
SLIDE 9
SLIDE 10
SLIDE 11
SLIDE 12
SLIDE 13
#Set up data to send to port 4000 $data1 = "\x83\x00\x00\xe3\x03\x00\x00\x00\x01"; $data2 = pack('a33',"$SSID"); $data3 = pack('a69',"$WPAPSK"); $data4 = "\x04\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"; $send_data = join "", $data1, $data2, $data3, $data4;
SLIDE 14
Telepresence Robot
- Insecure cloud APIs
- Information Leakage
- Bluetooth Pairing
SLIDE 15
https://api.doublerobotics.com/api/v1/session/?limit=1&offset=xxxxxxx&format=json
SLIDE 16
https://api.doublerobotics.com/api/v1/installation/?limit=1&offset=xxxxxxx&format=json
SLIDE 17
SLIDE 18
BLE Dongles
- Unauthenticated Access
- Week BLE pairing
- Information Leakage
- Insecure cloud API
SLIDE 19
https://phonehalocloud.appspot.com/rest/tracker/00000f7c-541088d9
SLIDE 20
GPS Panic Button
- Poor Design
- None SSL communication
- Bounds checks
- Realtime WWW Fail
SLIDE 21
SLIDE 22
SLIDE 23
SLIDE 24
SLIDE 25
SLIDE 26
SLIDE 27