Upgrade to Pro — share decks privately, control downloads, hide ads and more …

"Hacking Internet of Things devices", Ivan Novikov

OWASP Moscow
December 04, 2017
Technology
0
120

"Hacking Internet of Things devices", Ivan Novikov

OWASP Russia Meetup #2

OWASP Moscow

December 04, 2017
Tweet

More Decks by OWASP Moscow

See All by OWASP Moscow
"Evolution of Application Security Programs through OWASP SAMM 2.0", Yan Kravchenko
owaspmoscow
0
420
«Проекты OWASP: SAMM выпуск 2», Тарас Иващенко, OZON
owaspmoscow
0
600
«Типичные ошибки реализации SMS-аутентификации», Ramazan (r0hack), DETEACT
owaspmoscow
0
850
«Dev, Sec, Oops: How Agile Security increases Attack Surface», Денис Макрушин
owaspmoscow
0
560
«From captcha to RCE. Сложности реализации механизма CAPTCHA в изолированных системах», Виталий Малкин
owaspmoscow
0
470
«OWASP Сheat Sheet Series. Microservices-based security architecture documentation», Александр Барабанов
owaspmoscow
0
540
«Проекты OWASP: следим за безопасностью 3rd-party-компонент с помощью Dependency Track», Тарас Иващенко, OZON.
owaspmoscow
0
530
«Будущее без паролей: про FIDO2/WebAuthN и не только», Сергей Белов, Mail.Ru Group.
owaspmoscow
0
470
«CTFZone, или как перестать ресёрчить и полюбить CTF», Никита Вдовушкин, BI.ZONE.
owaspmoscow
1
460

Other Decks in Technology

See All in Technology
Why App Signing Matters for Your Android Apps - Android Bangkok Conference 2024
akexorcist
0
120
BLADE: An Attempt to Automate Penetration Testing Using Autonomous AI Agents
bbrbbq
0
290
スクラムチームを立ち上げる〜チーム開発で得られたもの・得られなかったもの〜
ohnoeight
2
350
[CV勉強会@関東 ECCV2024 読み会] オンラインマッピング x トラッキング MapTracker: Tracking with Strided Memory Fusion for Consistent Vector HD Mapping (Chen+, ECCV24)
abemii
0
220
OCI Network Firewall 概要
oracle4engineer
PRO
0
4.1k
安心してください、日本語使えますよ―Ubuntu日本語Remix提供休止に寄せて― 2024-11-17
nobutomurata
0
980
Platform Engineering for Software Developers and Architects
syntasso
1
510
The Rise of LLMOps
asei
5
1.2k
rootlessコンテナのすゝめ - 研究室サーバーでもできる安全なコンテナ管理
kitsuya0828
3
380
第1回 国土交通省 データコンペ参加者向け勉強会③ - Snowflake x estie編 -
estie
0
120
Amplify Gen2 Deep Dive / バックエンドの型をいかにしてフロントエンドへ伝えるか #TSKaigi #TSKaigiKansai #AWSAmplifyJP
tacck
PRO
0
370
サイバーセキュリティと認知バイアス:対策の隙を埋める心理学的アプローチ
shumei_ito
0
380

Featured

See All Featured
Designing Dashboards & Data Visualisations in Web Apps
destraynor
229
52k
The Pragmatic Product Professional
lauravandoore
31
6.3k
I Don’t Have Time: Getting Over the Fear to Launch Your Podcast
jcasabona
28
2k
Into the Great Unknown - MozCon
thekraken
32
1.5k
We Have a Design System, Now What?
morganepeng
50
7.2k
Distributed Sagas: A Protocol for Coordinating Microservices
caitiem20
329
21k
CoffeeScript is Beautiful & I Never Want to Write Plain JavaScript Again
sstephenson
159
15k
Raft: Consensus for Rubyists
vanstee
136
6.6k
Testing 201, or: Great Expectations
jmmastey
38
7.1k
The MySQL Ecosystem @ GitHub 2015
samlambert
250
12k
GraphQLとの向き合い方2022年版
quramy
43
13k
YesSQL, Process and Tooling at Scale
rocio
169
14k

Transcript

  1. OWASP Russia Meetup #2, 28/02/15 research Hacking Internet of Things

    devices Ivan Novikov (@d0znpp)

  2. Internet of Things. Story #1 • Take any device •

    Find serial port (buttons + display) • Connect “WiFi to serial” module • Profit • What about this connecter cost? • What about this device cost?

  3. Internet of Things. Story #2 • Take your exists device

    (wifi router) • Make /dev/something with magic • Profit • What about this device cost?

  4. AP at IoT device to configure • Encryption and credentials

    (defaults) • Make sure that configuration interface disabled after initial setup How to connect IoT to your WiFi

  5. Magic way (have a special name): • Enter your WiFi

    SSID and password to app • Press ENTER • Profit • How it works? How to connect IoT to your WiFi

  6. SSID+password encoding to $SP Find a network with this SSID

    = $SP Catch broadcast packet Decode $SP to SSID and password Profit Connection magic
  7. None

  8. Hardcoded IP address Using as NTP service Firewalls legitimates Count

    devices remotely Memory corruption vulnerability in response parsing function? Backdoor stories $ strings IoT-6235571.bin | egrep '[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+' 208.67.222.222 10.10.100.254 10.10.100.100 255.255.255.0 http://10.10.100.100/ 10.10.10.3 =DHCP,0.0.0.0,0.0.0.0,0.0.0.0 61.ZZZ.YYY.XXX netname: SHANGHAI-JIAOTONG-UNIVERSITY country: CN descr: Shanghai Jiaotong University mnt-by: MAINT-CN-CHINANET-ZJ-HZ role: CHINANET-ZJ Hangzhou address: No.352 Tiyuchang Road,Hangzhou,Zhejiang.310003 country: CN person: Zhihao Zhou nic-hdl: ZZ1073-AP
  9. None
  10. None
  11. None

  12. 5/5 devices hacked (3 vendors) 3/5 backdoors found (2 vendors)

    0/5 physical damage through IoT device Our stats

  13. Taxonomy Methodology Check lists New OWASP chapter? Most important

  14. External from Internet (CSRF+) WiFi guest (server-side) Neighbor (WiFi w/o

    password) Vendor (backdoors) Retailer (firmware modifications after manufacturing) Attackers

  15. https://www.owasp.org/index.php/IoT_Security _Checklist Criteria

  16. The end Contacts: @wallarm, @d0znpp research