A Logo

Feel free to include my content in your page via my
RSS feed

Help Irongeek.com pay for
bandwidth and research equipment:

Subscribestar or Patreon

Search Irongeek.com:

Affiliates:
Irongeek Button
Social-engineer-training Button

Help Irongeek.com pay for bandwidth and research equipment:

paypalpixle


Network exploitation of IoT ecosystems - Fotios (ithilgore) Chantzis GrrCON 2019 (Hacking Illustrated Series InfoSec Tutorial Videos)

Network exploitation of IoT ecosystems
Fotios (ithilgore) Chantzis
GrrCON 2019

Internet of Things (IoT) ecosystems are comprised of a large variety of connected devices that are rife with ?smart? features and textbook vulnerabilities. With the advent of ever growing interconnection and interoperability of all these devices, protocols that focus on automation have been developed throughout the years. These often assume an environment with cooperating participants - something that rarely happens in the real world. The fast market pace also leads manufacturers to marginalize security as having low return on investment. IoT devices are usually embedded with low-energy and low processing capabilities, deprioritizing security robustness as a result. All of the above combined make for ecosystems with lots of inherent weaknesses. In this talk we are going to present techniques and attacks on network protocols and insecure implementations commonly found in IoT ecosystems. We are going to explore how penetration testers can abuse zeroconf networking protocols like UPnP, mDNS, WS-Discovery and others and how to combine a chain of seemingly lower risk findings into an impactful attack. Other IoT security angles will be explored as well - from the default insecurity of video streaming protocols like RTP, heavily used by networked cameras, to the growing usage of IPv6 and what that entails in terms of the security posture of the IoT world.

Back to GrrCON 2019 video list

15 most recent posts on Irongeek.com:


If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.

Copyright 2020, IronGeek
Louisville / Kentuckiana Information Security Enthusiast