Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
"Hacking Internet of Things devices", Ivan Novikov
Search
Sponsored
·
Ship Features Fearlessly
Turn features on and off without deploys. Used by thousands of Ruby developers.
→
OWASP Moscow
December 04, 2017
Technology
0
140
"Hacking Internet of Things devices", Ivan Novikov
OWASP Russia Meetup #2
OWASP Moscow
December 04, 2017
Tweet
Share
More Decks by OWASP Moscow
See All by OWASP Moscow
"Evolution of Application Security Programs through OWASP SAMM 2.0", Yan Kravchenko
owaspmoscow
0
600
«Проекты OWASP: SAMM выпуск 2», Тарас Иващенко, OZON
owaspmoscow
0
720
«Типичные ошибки реализации SMS-аутентификации», Ramazan (r0hack), DETEACT
owaspmoscow
0
980
«Dev, Sec, Oops: How Agile Security increases Attack Surface», Денис Макрушин
owaspmoscow
0
720
«From captcha to RCE. Сложности реализации механизма CAPTCHA в изолированных системах», Виталий Малкин
owaspmoscow
0
580
«OWASP Сheat Sheet Series. Microservices-based security architecture documentation», Александр Барабанов
owaspmoscow
0
630
«Проекты OWASP: следим за безопасностью 3rd-party-компонент с помощью Dependency Track», Тарас Иващенко, OZON.
owaspmoscow
0
640
«Будущее без паролей: про FIDO2/WebAuthN и не только», Сергей Белов, Mail.Ru Group.
owaspmoscow
0
580
«CTFZone, или как перестать ресёрчить и полюбить CTF», Никита Вдовушкин, BI.ZONE.
owaspmoscow
1
570
Other Decks in Technology
See All in Technology
JAWS Days 2026 楽しく学ぼう! 認証認可 入門/20260307-jaws-days-novice-lane-auth
opelab
10
1.7k
OCI Security サービス 概要
oracle4engineer
PRO
2
13k
A Gentle Introduction to Transformers
keio_smilab
PRO
2
1k
AWS DevOps Agent vs SRE俺 / AWS DevOps Agent vs me, the SRE
sms_tech
3
530
JAWSDAYS2026_A-6_現場SEが語る 回せるセキュリティ運用~設計で可視化、AIで加速する「楽に回る」運用設計のコツ~
shoki_hata
0
3k
Oracle Database@Google Cloud:サービス概要のご紹介
oracle4engineer
PRO
5
1.2k
最強のAIエージェントを諦めたら品質が上がった話 / how quality improved after giving up on the strongest AI agent
kt2mikan
0
150
Security Diaries of an Open Source IAM
ahus1
0
210
[JAWSDAYS2026][D8]その起票、愛が足りてますか?AWSサポートを味方につける、技術的「ラブレター」の書き方
hirosys_
3
120
vLLM Community Meetup Tokyo #3 オープニングトーク
jpishikawa
0
320
JAWS FESTA 2025でリリースしたほぼリアルタイム文字起こし/翻訳機能の構成について
naoki8408
1
300
20260311 ビジネスSWG活動報告(デジタルアイデンティティ人材育成推進WG Ph2 活動報告会)
oidfj
0
260
Featured
See All Featured
B2B Lead Gen: Tactics, Traps & Triumph
marketingsoph
0
74
Google's AI Overviews - The New Search
badams
0
930
Test your architecture with Archunit
thirion
1
2.2k
Leveraging LLMs for student feedback in introductory data science courses - posit::conf(2025)
minecr
1
190
We Have a Design System, Now What?
morganepeng
55
8k
Have SEOs Ruined the Internet? - User Awareness of SEO in 2025
akashhashmi
0
290
A brief & incomplete history of UX Design for the World Wide Web: 1989–2019
jct
1
320
GraphQLとの向き合い方2022年版
quramy
50
14k
The Director’s Chair: Orchestrating AI for Truly Effective Learning
tmiket
1
130
HDC tutorial
michielstock
1
530
Building the Perfect Custom Keyboard
takai
2
710
What the history of the web can teach us about the future of AI
inesmontani
PRO
1
460
Transcript
OWASP Russia Meetup #2, 28/02/15 research Hacking Internet of Things
devices Ivan Novikov (@d0znpp)
Internet of Things. Story #1 • Take any device •
Find serial port (buttons + display) • Connect “WiFi to serial” module • Profit • What about this connecter cost? • What about this device cost?
Internet of Things. Story #2 • Take your exists device
(wifi router) • Make /dev/something with magic • Profit • What about this device cost?
AP at IoT device to configure • Encryption and credentials
(defaults) • Make sure that configuration interface disabled after initial setup How to connect IoT to your WiFi
Magic way (have a special name): • Enter your WiFi
SSID and password to app • Press ENTER • Profit • How it works? How to connect IoT to your WiFi
SSID+password encoding to $SP Find a network with this SSID
= $SP Catch broadcast packet Decode $SP to SSID and password Profit Connection magic
None
Hardcoded IP address Using as NTP service Firewalls legitimates Count
devices remotely Memory corruption vulnerability in response parsing function? Backdoor stories $ strings IoT-6235571.bin | egrep '[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+' 208.67.222.222 10.10.100.254 10.10.100.100 255.255.255.0 http://10.10.100.100/ 10.10.10.3 =DHCP,0.0.0.0,0.0.0.0,0.0.0.0 61.ZZZ.YYY.XXX netname: SHANGHAI-JIAOTONG-UNIVERSITY country: CN descr: Shanghai Jiaotong University mnt-by: MAINT-CN-CHINANET-ZJ-HZ role: CHINANET-ZJ Hangzhou address: No.352 Tiyuchang Road,Hangzhou,Zhejiang.310003 country: CN person: Zhihao Zhou nic-hdl: ZZ1073-AP
None
None
None
5/5 devices hacked (3 vendors) 3/5 backdoors found (2 vendors)
0/5 physical damage through IoT device Our stats
Taxonomy Methodology Check lists New OWASP chapter? Most important
External from Internet (CSRF+) WiFi guest (server-side) Neighbor (WiFi w/o
password) Vendor (backdoors) Retailer (firmware modifications after manufacturing) Attackers
https://www.owasp.org/index.php/IoT_Security _Checklist Criteria
The end Contacts: @wallarm, @d0znpp research
owaspmoscow
opelab
oracle4engineer
keio_smilab
sms_tech
shoki_hata
kt2mikan
ahus1
hirosys_
jpishikawa
naoki8408
.png){kind=avatar}
oidfj
marketingsoph
badams
thirion
minecr
morganepeng
akashhashmi
jct
quramy
tmiket
michielstock
takai
inesmontani
