IoT and the Security of That Mobile App - Mark Loveless

Explore the security vulnerabilities in Internet of Things (IoT) devices and their accompanying mobile apps in this 55-minute conference talk from LASCON 2017. Delve into common mistakes, potential attack vectors, and techniques for dissecting IoT systems from a researcher's perspective. Examine real-world examples that highlight security issues in data transmission between devices and the cloud. Learn about various research tools and methodologies used to evaluate IoT security, including Bluetooth pairing methods, WiFi traffic analysis, certificate pinning, and web security. Investigate specific case studies involving personal protection devices, Apple Watch, and Milwaukee Tool, focusing on aspects such as LE privacy, MAC address security, and physical security. Gain insights into basic security concepts like bearer tokens and stored credentials, essential for understanding and improving IoT security.