Overview
Explore the security vulnerabilities in Internet of Things (IoT) devices and their accompanying mobile apps in this 55-minute conference talk from LASCON 2017. Delve into common mistakes, potential attack vectors, and techniques for dissecting IoT systems from a researcher's perspective. Examine real-world examples that highlight security issues in data transmission between devices and the cloud. Learn about various research tools and methodologies used to evaluate IoT security, including Bluetooth pairing methods, WiFi traffic analysis, certificate pinning, and web security. Investigate specific case studies involving personal protection devices, Apple Watch, and Milwaukee Tool, focusing on aspects such as LE privacy, MAC address security, and physical security. Gain insights into basic security concepts like bearer tokens and stored credentials, essential for understanding and improving IoT security.
Syllabus
Intro
What is IoT
Bluetooth
Pairing Methods
WiFi Traffic
Certificate Pinning
Web Security
Library Security
IoT Basics
Personal Protection Devices
Roars
LE Privacy
Roar Athena
MAC Address
Security
Apple Watch
Physical Security
Bluetooth Security
Milwaukee Tool
Basic Security
What are bearer tokens
Stored credentials
Bearer token
Taught by
LASCON