Overview
Explore the world of IoT data exfiltration in this 47-minute RSA Conference talk. Delve into various IoT protocols and frequencies, including SSDP, P25, Zigbee, Z-Wave, and WiFi, to understand their potential for data exfiltration and network infiltration. Learn through real-world examples, sample code, and demonstrations how these IoT communications can be exploited. Gain insights into detecting aberrant behavior from IoT devices and discover techniques to protect your network. Examine specific exfiltration methods, including Smart Watch and Windows Virtual WiFi exploits, as well as the exploitation of SSDP-ULA OPT Field. Participate in a hands-on case study and demo, featuring a Python script for data exfiltration using SSDP. Conclude with essential considerations for IoT device security and a comprehensive prescription for improved non-exfiltration hygiene.
Syllabus
Intro
Speaker Introduction
Exfiltration Methods
Smart Watch Exfiltration
Windows Virtual WiFi (7, 8, & 10)
Wireless Rogues on Network - Virtual WiFi
lot Protocol Exfiltration
Exploitation of SSDP-ULA OPT Field
UDP - Exploitation of SSDP
lot Device Critical Considerations
Exfiltration Case Study and Demo
Python Script to Exfiltrate Data using SSDP
Prescription for better non-Exfil Hygiene
Taught by
RSA Conference