Alex Jay Balan, Chief Security Researcher, Bitdefender
With most IoT devices moving towards cloud platforms, it seemed appropriate to look at their implementations. And boy did the team hit “insecurity gold”! Authentication bypasses, device tampering and RCE. And the beauty of it is that attackers no longer need to iterate the IP space and find open ports, since one bad cloud implementation allows them to interact with all devices from the vendor.

Pre-Requisites: Strong networking skills and an understanding of tampering with APIs, MQTT and AWS S3. While not mandatory, it would help if the audience had some knowledge of buffer overflows, ROP and command injection for the RCE demos.