Presentations - IOT: HOW I HACKED MY HOME

  • Location: Security Theater
  • Speaker: David Jacoby
  • Date and time: 11. October 2014. 09:30 - 10:20

Just imagine a scenario where you notice that your home’s software and hardware such as refrigerators, Smart TV or other products have been compromise

You do backup of your data, re-install your devices and make sure that the new installation has protection against malicious code, all updates are installed, but then six months later, you get compromised again, and all your new data is stolen again.
The attacker might have compromised your network storage device and turned it into a backdoor which is undetected and unfixable unless you replace the entire device. Or the attacker might have used your compromised Smart TV to regain network access to your corporate network, since the TV is connected to the same LAN as your employees.
This research identifies how easy it would be to hack someone’s home, are the devices connected to our network vulnerable, and what can the attacker actually do against these devices. Is a home “hackable?” 
THE GOAL
The main goal of the research is to see how vulnerable the homes really are, and also identify real, practical and relevant attack vectors to prove that.
David will share technical details about the different attack scenarios he identified in the devices he had connected to his home network, all kind of devices such as Smart TV, network routers, printers, network storage devices and others.
David will also raise several provocative questions about what responsibility the vendors have when it comes to adding security to their products, are we supposed to be this vulnerable?
THE IMPACT
During the research David identified new undiscovered vulnerabilities which allowed him to completely compromise some of the network devices. David’s home was turned into an unstable malicious zone. By using the vulnerabilities anyone could have had unauthorized access to all his files, obtain administrative access on most of the devices and also install backdoors on the devices transforming them into zombies in botnets, or stepping stones for further attacks.
Multiple 0day vulnerabilities where discovered allowing David to remotely execute system commands on the vulnerable devices with highest privileges.
When talking about backdoors, some of the network equipment David researched had “hidden” features which looks like someone could obtain even higher access than the local administrator and get full control over the device. The only question left is, who is that “someone” and how do they get access to the devices.


Sponsors:

Gold
Gold
Gold
Silver
Silver
Silver
Silver
Silver
Silver
Bronze
JOB
Technical