The IoT (R)evolution : from software to (firm)ware presented at BSidesCDMX 2019

by Martin Hron,

Summary : We’re living in an era of revolution when our homes and offices are being slowly populated with smart devices which are going to outnumber computers and mobile phones soon. But are we really aware of the risks? We are used to malware on computers. But do we really know what’s inside IoT devices?.Continuation of the story of “how to become a hacker in a few minutes”, this talk shows you on one particular use case how easy is today, with respect to IoT security, to pivot and infiltrate someone’s network using IoT device. We present you a case of the camera, coffee maker and router which in orchestration allow the attacker to take over and bring down the network without (almost) any user interaction. We’ll discuss how to use insecure IoT and vulnerabilities for pivoting inside victims network and why the IoT problem is a matter of trust. Live demo of the attack chain that renders the network inoperable and held for ransom.