Hacking smart-devices for fun and profit: From exploiting my smart-home into controlling thousands

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • aNullValue
    Moderator
    • Jun 2019
    • 584

    #1

    Hacking smart-devices for fun and profit: From exploiting my smart-home into controlling thousands

    Title: Hacking smart-devices for fun and profit: From exploiting my smart-home into controlling thousands of smart-devices around the world

    Description:
    Smart-devices are anywhere, connecting lights, AC, cameras and even heat-sensors. They present a weak spot in which hackers can hack and learn about internal network-configuration, change arbitrary controllers, and lead to high physical & software damage. In our scenario, thousands of HDL smart devices could have been exploited & remotely controlled in the wild. 4 unique vulnerabilities have been found and presented here - We show how they can be utilized by a sophisticated attacker to stealth-access smart-devices remotely, change, control and take advantage of their data. Also, we show how a full data-extraction of smart-devices managing accounts: private data and credentials could have been extracted as well. This unique attack scenario demonstrates the high-security impact of deploying IoT devices over any organization, especially when using dedicated IoT hardware and proprietary components which are interconnected and even remotely managed. A coordinated responsible disclosure was done and thankful to HDL responsiveness & approach - All was fixed.

    Speaker(s): Barak Sternberg

    Location: IoT Vlg / IOT Vlg

    Discord: https://discord.com/channels/7082082...34565604655114

    Event starts: 2020-08-08 09:00 (09:00 AM) PDT (UTC -07:00)

    Event ends: 2020-08-08 09:45 (09:45 AM) PDT (UTC -07:00)

    For the most up-to-date information, please either visit https://info.defcon.org, or use HackerTracker, which is available for iOS and Android. This is an automated message, and this data was last modified 2020-08-08T03:00 (UTC).
    Starts
    August 8, 2020 09:00
    Ends
    August 8, 2020 09:45
    Location
    IoT Vlg / IOT Vlg
    Last edited by aNullValue; August 7, 2020, 22:25.
Working...