Finding and exploiting vulnerabilities in IoT devices


*** Session #1: Abusing the IoT in Smart Buildings ***
The first session is about Building Automation Systems, which control functions such as air conditioning, access control, and video surveillance in critical facilities such as data centers and airports. With the advent of the IoT, sensors, controllers and many other devices (e.g., surveillance cameras) are available in consumer shops and are being integrated into new and existing smart buildings. These devices are much cheaper than industrial controllers and far easier to install, but they often lack security features, and vulnerabilities are discovered with increasing frequency. In addition, bad security practices such as simple or default credentials, unencrypted traffic and lack of network segmentation remain common. In this presentation, we discuss the results of research conducted at Forescout in the past 2 years, including an analysis of the security landscape for smart buildings with industrial controllers and IoT devices; the development of a proof-of-concept malware using newly discovered and previously known vulnerabilities; and a description of how this can be used by malicious actors in emerging attack scenarios.

Speaker: Daniel dos Santos, Research Lead @ Forescout
Bio: Daniel dos Santos holds a Ph.D. in computer science from the University of Trento and has experience in security consulting and research. He is currently a researcher at Forescout, focusing on vulnerability research and the development of innovative features for network security monitoring.

*** Session #2: Do we need an IoTT&CK Matrix or NoT? ***
NIST calls Networks of Things NoTs, and adding Security or ID to these acronyms also does NoT concatenate too well.
What Bruce Schneier and Cory Doctorow said about the following story and state of IoT security is also not much fun… unless there is a bounty award, maybe.

We will explore and share lessons learned from one of our recent adventures in Vulnerability Disclosure in an emerging field of Enterprise collaboration tech. What started out as a quick survey of OWASP Top 10 in one of our Cyber Range test targets resembling an innocent touchscreen SmartTV, led to a rabbit hole of IoT hacking insights and understanding the potential risks such a “soft target” asset might introduce to the Enterprise - primarily, AWS data leak, stealthy espionage of web conference meeting content via “OS-hopping”, remote room bugging, a cyber-crime-friendly host environment for lateral movement and perhaps most importantly, maturity models of OpSec, ProdSec, and Procurement/VSAQ.

We’ll discuss the extremely wide “defaults” attack surface (physical, LAN, WLAN, multi-OS, cloud, mobile, etc.) of such a hyper-connected device integrated with many cloud web conferencing, screen sharing and digital whiteboard software apps. Both the physical and the logical network location of these devices provide a perfect host for attackers - turning a device into a rogue for lateral movement or giving the ability to spy on Board room meetings… Aside from basic strategies for detecting, hardening and segmenting such devices properly, we will propose an idea for an IoTT&CK Matrix that describes cyber-physical methods involving HW hacking, wireless proximity, and kinetic impact.

Speaker: Alex Eisen
Bio: Masters in Comp Sci. Served as civilian on DoD ISP Incident Response, STIG, Blue and Red Teams.
Tech edited 2 Hacking Exposed (McGraw Hill) books - Malware and Rootkits (2009); Reverse Deception (2012).
Ex-Mandiant: responded to Operation Aurora in Silicon Valley; cybercrime investigator and linguist for FBI with successful attribution of foreign financial fraud criminals.
Taught digital forensics at FBI Cyber Crime Academy at Langley and InfoSec as Adj. Prof at; Built and led Splunk’s post-IPO Product & App Security Program and team.

The meetup will be held in English