The Internet of Vulnerabilities Deral Heiland Research Lead IoT | Rapid7
Deral Heiland CISSP Research Lead (IoT) Rapid7
IoT Research
Effective Methodology Functional Evaluation Device Reconnaissance Cloud & Web APIs Mobile & Control Applications Network Physical Embedded hardware Inspection Physical Device Attacks Radio (RF)
IoT Hacking
A Few Fun Projects Automated lighting solutions BLE tracking dongles Telepresence robots GPS Panic buttons
Automated Lighting • Unencrypted Storage • Poor Encryption • Unauthenticated control • Embedded Web Vulns
#Set up data to send to port 4000 $data1 = "\x83\x00\x00\xe3\x03\x00\x00\x00\x01"; $data2 = pack('a33',"$SSID"); $data3 = pack('a69',"$WPAPSK"); $data4 = "\x04\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"; $send_data = join "", $data1, $data2, $data3, $data4;
Telepresence Robot • Insecure cloud APIs • Information Leakage • Bluetooth Pairing
https://api.doublerobotics.com/api/v1/session/?limit=1&offset=xxxxxxx&format=json
https://api.doublerobotics.com/api/v1/installation/?limit=1&offset=xxxxxxx&format=json
BLE Dongles • Unauthenticated Access • Week BLE pairing • Information Leakage • Insecure cloud API
https://phonehalocloud.appspot.com/rest/tracker/00000f7c-541088d9
GPS Panic Button • Poor Design • None SSL communication • Bounds checks • Realtime WWW Fail
Deral Heiland CISSP Research Lead Rapid7 Deral_heiland@rapid7.com @percent_x
Recommend
More recommend