Overview
Syllabus
The Internet Of Insecure Things: 10 Most Wanted List
Things About Paul
Things About This Presentation
It's More About...
Embedded Systems
Consumer
People cared when...
Care more now?
Why Do We Care? Privacy.
Things are real
Industrial Control Systems
Corporate
Medical
More Already Happening
If I Had To Pick One Example...
Inside Joel's Backdoor
Background
Exemplify Problem Areas
Why Joel Did This?
Russians Found It First
Exploit Is Simple
Canadians & Chinese
Remote Exploitation Via Browser
DIR-100 Butter Overflow
Multi-Stage Dropper MIPS Shellcode
Let's Recap
Owning D-Link?
What Do We Do About It?
Firmware Backdoors
Backdoor password was...
Default Credentials
Insecure Remote Management
Open-Source drivers
Functions prone to overflow
Funny Thing About Encryption
Firmware Encryption
User Friendly Firmware Updates
Secure Web Frameworks
Maintain a CIRT
Secure Protocols