GoPro or GTFO: A Tale of Reversing an Embedded System presented at DEFCON 2013

by Zach Lanier, Todd Manning,

Summary : Embedded systems are shrinking in size and becoming widely used in many consumer devices. High quality optic sensors and lenses are also shrinking in size. The GoPro Hero 3 camera leverages high quality camera equipment with multiple embedded operating systems to offer not only great imagery, but an interesting platform to explore and understand.
We'll explore the hardware used in the device to handle imaging, networking, and other I/O. We will disect the camera software, giving the audience a look at how the camera functions. We will explain the multiple layers of software running on the device, and show attack surfaces exposed to attackers.
We will present ways to turn the GoPro into a remote audio/video bug. We'll present some interesting ways to interface existing software with the AV capabilities, and present a library to control the device remotely.

Zach Lanier: Zach is a Senior Consultant with the Intrepidus Group, specializing in network and web application penetration testing. Prior to joining Intrepidus Group's professional services team, Zach served as Senior Network Security Analyst at Harvard Business School, and Security Assessment Practice Manager at Rapid7. Both Jon and Zach have presented at numerous security conferences (eg. BlackHat, CanSecWest, SOURCE Boston, SecTor, etc).