Explore embedded systems security in this 47-minute conference talk from GrrCON 2017. Delve into the world of Internet of Things (IoT) vulnerabilities, examining real-world examples from various industries including automotive, agriculture, and smart buildings. Learn about typical corporate penetration testing, firmware analysis, and the challenges of securing complex ecosystems. Discover the importance of coordinated disclosure, addressing knowledge gaps in cybersecurity, and implementing best practices for securing smart devices. Gain insights on partnering with stakeholders, managing false positives, and navigating the complexities of software decay and lifecycle management in embedded systems.
Overview
Syllabus
Intro
Thanks
This years talk is
Who am I
What am I talking about today
What is a typical corporate pen test
What is IoT
Problems with IoT
Examples
Camera Controller
Camera Version Firmware
Shodan
Embedded Systems
Dairy Farm
Mercedes Benz
School
Business
Pool
Jewelry Store
Fingerprinting Systems
Password Change
CVS Search
Firmware
Download Firmware
Coordinated Disclosure
Camera Firmware
Other Embedded Systems
Solar Panels
Embedded IOT
Smart Buildings
Schneider Electric
Schneier
Back Door
Knowledge Gap
Cybersecurity
Web Server
Web Apps
CVS
Whose problem is this
Securing smart buildings
Getting the basics right
Separation
Physically Secure
Software Decay
SDLC
Windows XP
Partners
False positives
Complex ecosystem
Internal stakeholder
Security is hard
Contact information
Hacking back
