COMMSEC: Digging Deep: How to Find and Exploit Bugs in IoT Devices


The security of Internet of Things (IoT) is becoming a hot topic, but this talk is not a typical IoT presentation. It will discuss and demonstrate in-depth research and a solid forensics approach including data, account information and configuration retrieval from IoT devices like routers, IP cameras or Smart TVs.

Last year, Wikileaks revealed a new CIA wireless hacking tool called “Cherry Blossom” which could allow for remotely compromising network devices using MITM attacks, however only a short portion of the report discussed actual hardware hacks. We have been looking into these attacks a year before the WikiLeaks reveal, and have much more to add on the physical hacking of the listed routers (Linksys and Dlink). We will demonstrate how to attack Linksys and Dlink routers to obtain privilege and gain access control as well as access to the firmware and configuration files of the devices mentioned.

In addition we will also be part of the Hardware Hacking Village in the CommSec exhibition area in which you can learn more about how you can conduct your own hacking of these devices with advanced techniques including JTAG/ISP and Chip-off with inexpensive, off-the-shelf equipment.

Location: Track 4 / CommSec Date: April 12, 2018 Time: 3:30 pm - 4:00 pm Kelvin Wong