Hardly a day goes by without an article about a new IoT (Internet of Things) device being hacked. IP cameras, routers, baby monitors, smart homes, NAS devices, light bulbs, cars, rifles, you name it.
During my research, I have created a methodology about the different risks IoT devices can introduce into a network. Most of the IoT security research focuses on the IoT device itself and its vulnerabilities, but don’t consider the environment. UPnP, IPv6, WebRTC, Same-Origin Policy, DNS rebind attacks to name a few.
I will hack a NAS device on the home network through the victim’s browser, from the Internet.
I will also demonstrate that IoT devices (IP camera in my case) with cloud connections are also susceptible to hacks due to basic security weaknesses in the cloud servers, like lack of brute-force protections or weak default passwords.
At the end of the session we will cover the most important security tips people can use at home or at the company.