Explore IoT bug bounty hunting techniques in this 48-minute conference talk from LevelUp 2017. Learn actionable strategies for identifying vulnerabilities in IoT and smart devices, including firmware analysis, hardware hacking, and radio communication exploits. Gain skills to perform attack surface mapping on commercial IoT devices, focusing on components like UART, JTAG, and BLE. Discover methods for extracting firmware, uncovering hardcoded sensitive values, and assessing mobile applications associated with IoT products. By the end, acquire the knowledge to systematically approach IoT security assessments and contribute to bug bounty programs.
Hacking Internet of Things for Bug Bounties - Aditya Gupta, LevelUp 2017
Overview
Syllabus
Introduction
About Aditya Gupta
IOT Bug Bounties
Systemic Approach
Micro and Macro
Components
Security
Component Mapping
IOT Devices
Embedded Device Hacking
Open Device
UART
JTAGulator
Placing
Firmware
Extracting the firmware
Hardcoded sensitive values
Mobile applications
Radio communications
Ble
Taught by
Bugcrowd
