Overview:

The Internet of Things (IoT) is expected to be the next big thing in IT and computing environments since the invention of the Internet and the Smart Phones. According to Gartner there are already 4.9 billion smart devices connected to Internet and this number is growing daily.

This explosion creates an attractive business opportunities for various players such as: Device and Hardware Manufacturers, Software Companies and Service Providers to name a few. But, with such a rapid change comes new cyber security challenges – from protecting your private medical information stored on your new fitness gadget to via protecting you smart home from traditional burglars and cyber security hackers and etc.

Throughout this seminar, we will review the theoretical aspects of IoT Threat Landscape as well as review common IoT vulnerabilities both on the Software level (Cloud and Mobile) as well as on the Hardware / Embedded level (End User Device / Sensor security).

For practical and real world experience, this seminar will also include an active hands-on session to provide real user experience with basic as well as advanced hacking techniques used analyze IoT applications and devices to find real vulnerabilities that can be exploited in the wild.

 

Syllabus:

  • Introducing the IoT world
    • Common uses, architectures and components
  • Reviewing IoT Threat Model and Landscape
  • Introducing OWASP Top IoT Vulnerabilities
    • Insecure Web Interface
    • Insufficient Authentication/Authorization
    • Insecure Network Services
    • Lack of Transport Encryption/Integrity Verification
    • Privacy Concerns
    • Insecure Cloud Interface
    • Insecure Mobile Interface
    • Insufficient Security Configurability
    • Insecure Software/Firmware
    • Poor Physical Security
  • Short introduction to Hardware and Embedded Computing
    • Short intro to Electrical Engineering and Embedded Computing
    • Introducing the Arduino platform
  • Hardware Hacking 101
    • Firmware analysis
    • Hacking Physical interfaces (UART, JTAG, SPI and I2C)
    • Hacking Radio / Wireless communication (RF, Zigbee)
    • Web interface hacking
    • Side Channel Attacks
    • Using Arduino as a hacking platform

Info

Main Speaker

Shay Zalalichin
Shay Zalalichin PalantirSecurity