Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
"Hacking Internet of Things devices", Ivan Novikov
Search
OWASP Moscow
December 04, 2017
Technology
0
120
"Hacking Internet of Things devices", Ivan Novikov
OWASP Russia Meetup #2
OWASP Moscow
December 04, 2017
Tweet
Share
More Decks by OWASP Moscow
See All by OWASP Moscow
"Evolution of Application Security Programs through OWASP SAMM 2.0", Yan Kravchenko
owaspmoscow
0
330
«Проекты OWASP: SAMM выпуск 2», Тарас Иващенко, OZON
owaspmoscow
0
520
«Типичные ошибки реализации SMS-аутентификации», Ramazan (r0hack), DETEACT
owaspmoscow
0
760
«Dev, Sec, Oops: How Agile Security increases Attack Surface», Денис Макрушин
owaspmoscow
0
450
«From captcha to RCE. Сложности реализации механизма CAPTCHA в изолированных системах», Виталий Малкин
owaspmoscow
0
400
«OWASP Сheat Sheet Series. Microservices-based security architecture documentation», Александр Барабанов
owaspmoscow
0
460
«Проекты OWASP: следим за безопасностью 3rd-party-компонент с помощью Dependency Track», Тарас Иващенко, OZON.
owaspmoscow
0
450
«Будущее без паролей: про FIDO2/WebAuthN и не только», Сергей Белов, Mail.Ru Group.
owaspmoscow
0
390
«CTFZone, или как перестать ресёрчить и полюбить CTF», Никита Вдовушкин, BI.ZONE.
owaspmoscow
1
380
Other Decks in Technology
See All in Technology
Azureの基本的な権限管理の勉強会
yhana
0
280
自己改善からチームを動かす! 「セルフエンジニアリングマネージャー」のすゝめ
shoota
6
450
「スニダン」開発組織の構造に込めた意図 ~組織作りはパッションや政治ではない!~
rinchsan
3
560
DevOpsメトリクスとアウトカムの接続にトライ!開発プロセスを通して計測できるメトリクスの活用方法
ham0215
2
240
20分で完全に理解するGrafanaダッシュボード
hamadakoji
3
510
ChatworkのSRE部って実は 半分くらいPlatform Engineering部かもしれない
saramune
0
160
ExaDB-D dbaascli で出来ること
oracle4engineer
PRO
0
2.1k
MLOpsの「壁」を乗り越える、LINEヤフーの Data Quality as Code
lycorptech_jp
PRO
5
500
開発生産性向上サービスを作るFindyが自分たちで開発生産性を爆上げした組織づくりの歩み / Findy's path to boosting its own development productivity 2024-04-17
ma3tk
3
650
よく聞くけど使ったことないソフトウェアNo.1 KafkaとSnowflake
foursue
4
350
20240418_Google ColabにLLMが搭載されたようなのでPython x データ分析の勉強方法を考えてみる
doradora09
0
130
Vertex AI を中心に 生成AIのアップデートを共有します
kaz1437
0
300
Featured
See All Featured
[Rails World 2023 - Day 1 Closing Keynote] - The Magic of Rails
eileencodes
2
1.3k
Adopting Sorbet at Scale
ufuk
68
8.6k
JavaScript: Past, Present, and Future - NDC Porto 2020
reverentgeek
40
4.4k
5 minutes of I Can Smell Your CMS
philhawksworth
199
19k
Large-scale JavaScript Application Architecture
addyosmani
504
110k
Practical Orchestrator
shlominoach
182
9.7k
Clear Off the Table
cherdarchuk
84
310k
Bootstrapping a Software Product
garrettdimon
PRO
302
110k
Fantastic passwords and where to find them - at NoRuKo
philnash
37
2.5k
Building Adaptive Systems
keathley
31
1.9k
The Psychology of Web Performance [Beyond Tellerrand 2023]
tammyeverts
6
1.5k
Building Flexible Design Systems
yeseniaperezcruz
319
37k
Transcript
OWASP Russia Meetup #2, 28/02/15 research Hacking Internet of Things
devices Ivan Novikov (@d0znpp)
Internet of Things. Story #1 • Take any device •
Find serial port (buttons + display) • Connect “WiFi to serial” module • Profit • What about this connecter cost? • What about this device cost?
Internet of Things. Story #2 • Take your exists device
(wifi router) • Make /dev/something with magic • Profit • What about this device cost?
AP at IoT device to configure • Encryption and credentials
(defaults) • Make sure that configuration interface disabled after initial setup How to connect IoT to your WiFi
Magic way (have a special name): • Enter your WiFi
SSID and password to app • Press ENTER • Profit • How it works? How to connect IoT to your WiFi
SSID+password encoding to $SP Find a network with this SSID
= $SP Catch broadcast packet Decode $SP to SSID and password Profit Connection magic
None
Hardcoded IP address Using as NTP service Firewalls legitimates Count
devices remotely Memory corruption vulnerability in response parsing function? Backdoor stories $ strings IoT-6235571.bin | egrep '[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+' 208.67.222.222 10.10.100.254 10.10.100.100 255.255.255.0 http://10.10.100.100/ 10.10.10.3 =DHCP,0.0.0.0,0.0.0.0,0.0.0.0 61.ZZZ.YYY.XXX netname: SHANGHAI-JIAOTONG-UNIVERSITY country: CN descr: Shanghai Jiaotong University mnt-by: MAINT-CN-CHINANET-ZJ-HZ role: CHINANET-ZJ Hangzhou address: No.352 Tiyuchang Road,Hangzhou,Zhejiang.310003 country: CN person: Zhihao Zhou nic-hdl: ZZ1073-AP
None
None
None
5/5 devices hacked (3 vendors) 3/5 backdoors found (2 vendors)
0/5 physical damage through IoT device Our stats
Taxonomy Methodology Check lists New OWASP chapter? Most important
External from Internet (CSRF+) WiFi guest (server-side) Neighbor (WiFi w/o
password) Vendor (backdoors) Retailer (firmware modifications after manufacturing) Attackers
https://www.owasp.org/index.php/IoT_Security _Checklist Criteria
The end Contacts: @wallarm, @d0znpp research
owaspmoscow
yhana
shoota
rinchsan
ham0215
hamadakoji
saramune
oracle4engineer
lycorptech_jp
ma3tk
foursue
doradora09
kaz1437
eileencodes
ufuk
reverentgeek
philhawksworth
addyosmani
shlominoach
cherdarchuk
garrettdimon
philnash
keathley
tammyeverts
yeseniaperezcruz
