IOT RCE - A Study With Disney

Explore the vulnerabilities of IoT devices in this 50-minute conference talk by Lilith Wyatt from 0xdade. Delve into the security challenges faced by IoT devices, which remain stuck in 1990s-level security despite their prevalence in modern home networks. Examine case studies of the "Circle with Disney" and Foscam devices, uncovering over 50 CVEs. Focus on novel attack techniques, including SSL certificate attribute validation bypasses, SSID broadcasting injection, use-between-realloc memory corruption, and cloud routing abuse. Learn about IoT devices' use of traditionally offensive tools for central functionality. Gain insights from Lilith Wyatt, a Research Engineer with the Talos Security Intelligence and Research Group at Cisco, as she shares her expertise in product security research and vulnerability discovery.