Every day we hear about weak security of IoT devices, about vendors that don’t
take security seriously and how using and not changing default passwords could
lead to a leak of important and personal data. GPS trackers made with a default
password and predictable serial numbers allow full control of the tracker and
leak the user’s position. Due to heavy white labeling and use of the same cloud
infrastructure the scale of the problem is huge. I’m going to show and discuss
where the weaknesses are, what models and APIs are affected and how they can be
exploited. Live demo included. The talk is by itself also a comprehensive guide
on analyzing IoT device security, spanning from Android app to HW.
Currently security researcher at Avast. I lead research across various disciplines such as dynamic binary translation, hardware-assisted virtualization, IoT, firmware vulnerabilities and malware analysis. I’m devoted to technology and I’m...