"Hacking Internet of Things devices", Ivan Novikov

OWASP Russia Meetup #2


OWASP Moscow

December 04, 2017


  1. OWASP Russia Meetup #2, 28/02/15 • research • Hacking Internet of Things devices • Ivan Novikov (@d0znpp)
  2. Internet of Things. Story #1
    • Take any device
    • Find serial port (buttons + display)
    • Connect “WiFi to serial” module
    • Profit
    • What about the cost of this connector?
    • What about the cost of this device?
  3. Internet of Things. Story #2
    • Take your existing device (WiFi router)
    • Make /dev/something with magic
    • Profit
    • What about the cost of this device?
  4. How to connect IoT to your WiFi
    • AP at IoT device to configure
    • Encryption and credentials (defaults)
    • Make sure that the configuration interface is disabled after initial setup
  5. How to connect IoT to your WiFi
    Magic way (has a special name):
    • Enter your WiFi SSID and password into the app
    • Press ENTER
    • Profit
    • How does it work?
  6. Connection magic
    • SSID+password encoding to $SP
    • Find a network with this SSID = $SP
    • Catch broadcast packet
    • Decode $SP to SSID and password
    • Profit
  7. None
  8. Backdoor stories
    • Hardcoded IP address
    • Using as NTP service
    • Firewalls legitimates
    • Count devices remotely
    • Memory corruption vulnerability in response parsing function?

    $ strings IoT-6235571.bin | egrep '[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+'
    =DHCP,,, 61.ZZZ.YYY.XXX

    netname: SHANGHAI-JIAOTONG-UNIVERSITY
    country: CN
    descr: Shanghai Jiaotong University
    mnt-by: MAINT-CN-CHINANET-ZJ-HZ
    role: CHINANET-ZJ Hangzhou
    address: No.352 Tiyuchang Road,Hangzhou,Zhejiang.310003
    country: CN
    person: Zhihao Zhou
    nic-hdl: ZZ1073-AP
  9. None
  10. None
  11. None
  12. Our stats
    • 5/5 devices hacked (3 vendors)
    • 3/5 backdoors found (2 vendors)
    • 0/5 physical damage through IoT device
  13. Most important
    • Taxonomy
    • Methodology
    • Check lists
    • New OWASP chapter?

  14. Attackers
    • External from Internet (CSRF+)
    • WiFi guest (server-side)
    • Neighbor (WiFi w/o password)
    • Vendor (backdoors)
    • Retailer (firmware modifications after manufacturing)
  15. Criteria
    https://www.owasp.org/index.php/IoT_Security_Checklist

  16. The end
    Contacts: @wallarm, @d0znpp • research
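
The `strings | egrep` check on slide 8 also matches invalid octets, internal addresses and longer version strings. The following is an added example (not from the talk) of the same firmware audit with octet validation and an internal-range filter. The function name, the `INTERNAL` list and the sample bytes are assumptions made for illustration; the sample uses the documentation range 203.0.113.0/24 as a stand-in for an external address.

```python
import ipaddress
import re

# Networks treated as internal or non-routable for this audit (assumed policy).
INTERNAL = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/3")]

PRINTABLE = re.compile(rb"[\x20-\x7e]{4,}")  # printable runs, like strings(1)
# Exactly four dotted groups, not part of a longer dotted or numeric token.
DOTTED = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")


def hardcoded_ips(blob):
    """Return [(byte_offset, ip, surrounding_string)] for external IPv4 literals."""
    hits = []
    for run in PRINTABLE.finditer(blob):
        text = run.group().decode("ascii")
        for m in DOTTED.finditer(text):
            try:
                ip = ipaddress.IPv4Address(m.group(1))
            except ipaddress.AddressValueError:
                continue  # e.g. an octet above 255: not an address
            if any(ip in net for net in INTERNAL):
                continue  # default gateways, loopback, multicast and so on
            hits.append((run.start() + m.start(1), str(ip), text))
    return hits


# Constructed sample image: only the last string holds an external address.
SAMPLE = (b"\x7fELF\x01\x01\x00" b"gw 192.168.1.1\x00" b"ntp 999.10.1.1\x00"
          b"fw 1.0.3.12.5\x00" b"=DHCP,,, 203.0.113.7\x00\xff\xfe")

if __name__ == "__main__":
    for offset, ip, context in hardcoded_ips(SAMPLE):
        print(f"0x{offset:06x}  {ip:<15}  {context!r}")
```

Four-part version strings such as a kernel version still parse as addresses, so the reported context string and offset are what an analyst uses to triage each hit before looking up its owner.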