How to get STUNned? presented at NoConName 2017

by Jakub Korepta,

Summary : Down the Rabbit-Hole! Have you also been stunned by last year's Mirai - how many insecure devices have public IP? Well, you will get really STUNned when you find out how many more devices you can pwn. I will show you how using Session Traversal Utilities for NAT jump through firewalls directly to millions of cameras, doorbells, baby monitors, etc. not exposed publicly and build mirai^4. So far botnets abused simple hardcoded administrative credentials (Mirai) and recently various vulnerabilities (IoT reaper) in publicly accessible devices. Presents a new, yet to be exploited possibility - how to take control over devices hidden behind NAT, but using so-called P2P protocol