Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
"Hacking Internet of Things devices", Ivan Novikov
Search
OWASP Moscow
December 04, 2017
Technology
160
0
Share
Embed
Copy iframe code
Copy JS code
Copy link
Start on current slide
"Hacking Internet of Things devices", Ivan Novikov
OWASP Russia Meetup #2
OWASP Moscow
December 04, 2017
More Decks by OWASP Moscow
See All by OWASP Moscow
"Evolution of Application Security Programs through OWASP SAMM 2.0", Yan Kravchenko
owaspmoscow
0
630
«Проекты OWASP: SAMM выпуск 2», Тарас Иващенко, OZON
owaspmoscow
0
740
«Типичные ошибки реализации SMS-аутентификации», Ramazan (r0hack), DETEACT
owaspmoscow
0
1k
«Dev, Sec, Oops: How Agile Security increases Attack Surface», Денис Макрушин
owaspmoscow
0
730
«From captcha to RCE. Сложности реализации механизма CAPTCHA в изолированных системах», Виталий Малкин
owaspmoscow
0
610
«OWASP Сheat Sheet Series. Microservices-based security architecture documentation», Александр Барабанов
owaspmoscow
0
660
«Проекты OWASP: следим за безопасностью 3rd-party-компонент с помощью Dependency Track», Тарас Иващенко, OZON.
owaspmoscow
0
660
«Будущее без паролей: про FIDO2/WebAuthN и не только», Сергей Белов, Mail.Ru Group.
owaspmoscow
0
610
«CTFZone, или как перестать ресёрчить и полюбить CTF», Никита Вдовушкин, BI.ZONE.
owaspmoscow
1
590
Other Decks in Technology
See All in Technology
DMM.com 購入改善推進チーム におけるCodeRabbitを用いた レビューフロー改善の一例
ysknsid25
2
640
Gen3R: 3D Scene Generation Meets Feed-Forward Reconstruction
spatial_ai_network
0
130
Devsumi 2026 Summer 人もAIも使える共通基盤を事業の加速装置にする~デザインシステム運用に学ぶ組織レバレッジ~ 渡辺 凌央
legalontechnologies
PRO
0
150
大量データに対しても、生成AIを用いてリーズナブルにデータ加工をしたい!Databricksのai_queryについて調べてみた
kamoshika
1
150
Control Planeで育てるBtoB SaaSの認証基盤 - SRE NEXT 2026
pokohide
1
2.4k
脱金融のフューチャー・デザイン / Future Design Beyond Finance
ks91
PRO
0
150
End-to-Endで考える信頼性 —LINEアプリにおけるクライアント開発×SRE連携の実践
maruloop
4
4.3k
AmplifyHostingConstructからSSRフレームワークのためのホスティング設計を考察する/amplify-hosting-construct
fossamagna
1
100
CDKで書くECSのベストプラクティス、 改めて考え直す2026 #cdkconf2026
makies
1
480
“それは自分の仕事じゃない"を越えて行け
yuukiyo
1
370
プロダクトだけじゃない、社内プロセスにおける自動化・省力化ノススメ
kakehashi
PRO
1
3.8k
AIと共生する開発者プラットフォーム:バクラクのモノレポ×マイクロサービス基盤
sakajunquality
2
3.6k
Featured
See All Featured
SERP Conf. Vienna - Web Accessibility: Optimizing for Inclusivity and SEO
sarafernandez
2
1.5k
How to build an LLM SEO readiness audit: a practical framework
nmsamuel
1
800
Why Our Code Smells
bkeepers
PRO
340
58k
Designing Experiences People Love
moore
143
24k
Everyday Curiosity
cassininazir
0
250
Tips & Tricks on How to Get Your First Job In Tech
honzajavorek
1
570
The Mindset for Success: Future Career Progression
greggifford
PRO
0
410
No one is an island. Learnings from fostering a developers community.
thoeni
21
3.8k
Measuring & Analyzing Core Web Vitals
bluesmoon
9
880
New Earth Scene 8
popppiees
3
2.4k
職位にかかわらず全員がリーダーシップを発揮するチーム作り / Building a team where everyone can demonstrate leadership regardless of position
madoxten
63
55k
Making Projects Easy
brettharned
120
6.7k
Transcript
OWASP Russia Meetup #2, 28/02/15 research Hacking Internet of Things
devices Ivan Novikov (@d0znpp)
Internet of Things. Story #1 • Take any device •
Find serial port (buttons + display) • Connect “WiFi to serial” module • Profit • What about this connecter cost? • What about this device cost?
Internet of Things. Story #2 • Take your exists device
(wifi router) • Make /dev/something with magic • Profit • What about this device cost?
AP at IoT device to configure • Encryption and credentials
(defaults) • Make sure that configuration interface disabled after initial setup How to connect IoT to your WiFi
Magic way (have a special name): • Enter your WiFi
SSID and password to app • Press ENTER • Profit • How it works? How to connect IoT to your WiFi
SSID+password encoding to $SP Find a network with this SSID
= $SP Catch broadcast packet Decode $SP to SSID and password Profit Connection magic
None
Hardcoded IP address Using as NTP service Firewalls legitimates Count
devices remotely Memory corruption vulnerability in response parsing function? Backdoor stories $ strings IoT-6235571.bin | egrep '[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+' 208.67.222.222 10.10.100.254 10.10.100.100 255.255.255.0 http://10.10.100.100/ 10.10.10.3 =DHCP,0.0.0.0,0.0.0.0,0.0.0.0 61.ZZZ.YYY.XXX netname: SHANGHAI-JIAOTONG-UNIVERSITY country: CN descr: Shanghai Jiaotong University mnt-by: MAINT-CN-CHINANET-ZJ-HZ role: CHINANET-ZJ Hangzhou address: No.352 Tiyuchang Road,Hangzhou,Zhejiang.310003 country: CN person: Zhihao Zhou nic-hdl: ZZ1073-AP
None
None
None
5/5 devices hacked (3 vendors) 3/5 backdoors found (2 vendors)
0/5 physical damage through IoT device Our stats
Taxonomy Methodology Check lists New OWASP chapter? Most important
External from Internet (CSRF+) WiFi guest (server-side) Neighbor (WiFi w/o
password) Vendor (backdoors) Retailer (firmware modifications after manufacturing) Attackers
https://www.owasp.org/index.php/IoT_Security _Checklist Criteria
The end Contacts: @wallarm, @d0znpp research