Security Mar 6, 2020

PwdLess: Exploitation Tales from RouterLand | Cristofaro Mune | NULLCON Goa 2020

Presentation from the talk: https://bit.ly/CristofaroMunePresentation

Abstract: The talk leads the audience on a journey through an attacker's mindset, techniques, and choices while targeting a real consumer IoT device. A wide range of techniques is used: fuzzing, reverse engineering, code injection, and exploit development in constrained environments.

Full remote control of the target is achieved in multiple ways, which allows common patterns in IoT device security to be discussed. Previously undisclosed vulnerabilities are discussed and demonstrated on stage. The research was performed under specific constraints, hinting that, under some conditions, remote execution can be achieved even in very short timeframes.

Finally, the research touches upon the security challenges posed by supply chains, device obsolescence, and security support.

About Cristofaro Mune: Cristofaro has 15+ years of experience in SW & HW security assessment of highly secure products. He has given talks at renowned security conferences, such as BlackHat, BlueHat, HITB, and hardwear.io, on Fault Injection, TEEs, White-Box cryptography, IoT exploitation, and mobile security.

