Slide 1

Slide 1 text

Hacking Internet of Things devices
Ivan Novikov (@d0znpp)
OWASP Russia Meetup #2, 28/02/15

Slide 2

Slide 2 text

Internet of Things. Story #1
• Take any device
• Find the serial port (buttons + display)
• Connect a “WiFi to serial” module
• Profit
• What does this connector cost?
• What does this device cost?

Slide 3

Slide 3 text

Internet of Things. Story #2
• Take your existing device (WiFi router)
• Make /dev/something with magic
• Profit
• What does this device cost?

Slide 4

Slide 4 text

How to connect IoT to your WiFi
AP on the IoT device for configuration:
• Encryption and credentials (defaults)
• Make sure that the configuration interface is disabled after initial setup

Slide 5

Slide 5 text

How to connect IoT to your WiFi
The magic way (it has a special name):
• Enter your WiFi SSID and password into the app
• Press ENTER
• Profit
• How does it work?

Slide 6

Slide 6 text

Connection magic
• SSID + password are encoded to $SP
• Find a network with SSID = $SP
• Catch the broadcast packet
• Decode $SP to SSID and password
• Profit

Slide 7

Slide 7 text

No content

Slide 8

Slide 8 text

Backdoor stories
• Hardcoded IP address
• Used as an NTP service
• Firewalls treat it as legitimate
• Count devices remotely
• Memory corruption vulnerability in the response parsing function?

$ strings IoT-6235571.bin | egrep '[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+'
208.67.222.222
10.10.100.254
10.10.100.100
255.255.255.0
http://10.10.100.100/
10.10.10.3
=DHCP,0.0.0.0,0.0.0.0,0.0.0.0

61.ZZZ.YYY.XXX
netname: SHANGHAI-JIAOTONG-UNIVERSITY
country: CN
descr: Shanghai Jiaotong University
mnt-by: MAINT-CN-CHINANET-ZJ-HZ
role: CHINANET-ZJ Hangzhou
address: No.352 Tiyuchang Road,Hangzhou,Zhejiang.310003
country: CN
person: Zhihao Zhou
nic-hdl: ZZ1073-AP
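A firmware audit along the lines of the strings/egrep check on this slide, as an added example (not code from the talk): it validates each dotted quad, records the string it came from, and separates publicly routable addresses from local ones, netmasks and 0.0.0.0. The sample image is constructed from the strings shown on the slide plus one invented invalid entry; the function names are hypothetical.

```python
import ipaddress
import re

PRINTABLE = re.compile(rb"[\x20-\x7e]{4,}")  # printable runs, like strings(1)
DOTTED = re.compile(rb"(?<![\d.])\d{1,3}(?:\.\d{1,3}){3}(?![\d.])")

def is_netmask(addr):
    """Contiguous mask of /8 or longer, e.g. 255.255.255.0."""
    n = int(addr)
    inv = n ^ 0xFFFFFFFF
    return n >= 0xFF000000 and (inv & (inv + 1)) == 0

def classify(addr):
    if addr.is_unspecified:
        return "unspecified"
    if is_netmask(addr):
        return "netmask"
    # is_global: publicly routable, i.e. a hardcoded remote endpoint to review
    return "public" if addr.is_global else "local"

def audit_firmware(blob):
    """Map each valid IPv4 literal to (category, [strings it appeared in])."""
    findings = {}
    for run in PRINTABLE.finditer(blob):
        text = run.group().decode("ascii")
        for m in DOTTED.finditer(run.group()):
            try:
                addr = ipaddress.IPv4Address(m.group().decode("ascii"))
            except ValueError:  # octet > 255: not an address
                continue
            _, contexts = findings.setdefault(str(addr), (classify(addr), []))
            if text not in contexts:
                contexts.append(text)
    return findings

def review_list(findings):
    """Publicly routable addresses only."""
    return sorted(ip for ip, (cat, _) in findings.items() if cat == "public")

# Constructed sample: the strings shown on the slide embedded in binary filler,
# plus one invented invalid entry ("fw-build 999.1.2.3").
SAMPLE = b"\x7fELF\x01" + b"\x00\x02".join([
    b"208.67.222.222", b"10.10.100.254", b"10.10.100.100", b"255.255.255.0",
    b"http://10.10.100.100/", b"10.10.10.3", b"=DHCP,0.0.0.0,0.0.0.0,0.0.0.0",
    b"fw-build 999.1.2.3",
]) + b"\xff"

if __name__ == "__main__":
    for ip, (cat, ctx) in sorted(audit_firmware(SAMPLE).items()):
        print(f"{cat:12} {ip:16} {ctx}")
```

A dotted version string such as 1.2.3.4 would still be reported as an address, which is why the surrounding string is kept for triage.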

Slide 9

Slide 9 text

No content

Slide 10

Slide 10 text

No content

Slide 11

Slide 11 text

No content

Slide 12

Slide 12 text

Our stats
• 5/5 devices hacked (3 vendors)
• 3/5 backdoors found (2 vendors)
• 0/5 physical damage through IoT device

Slide 13

Slide 13 text

Most important
• Taxonomy
• Methodology
• Check lists
• New OWASP chapter?

Slide 14

Slide 14 text

Attackers
• External from Internet (CSRF+)
• WiFi guest (server-side)
• Neighbor (WiFi w/o password)
• Vendor (backdoors)
• Retailer (firmware modifications after manufacturing)

Slide 15

Slide 15 text

Criteria
https://www.owasp.org/index.php/IoT_Security_Checklist

Slide 16

Slide 16 text

The end
Contacts: @wallarm, @d0znpp