Talk - SAS2017: IoT Security Nightmares – 20 Minutes, 10 Devices

The Mirai botnet attacks and more recently those on Telekom Routers have shown that securing your home network and devices should be of paramount importance. As the world rushes headlong into taking all sorts of devices and systems online, we should stand back for a moment and consider the consequences. Security in IoT devices, such as travel routers, smart home automation and even toys for children is not given due attention during the development phase, resulting in widespread security problems, which can be leveraged to gain data about their network environment or their CPU cycles can be used to attack other devices.
In this presentation, I will demonstrate typical security issues in 10 different devices, demoing "root" on routers, toys and cameras. I will address the question of why tracing and disclosing vulnerabilities by a third-party is often found wanting. Most security flaws could have been uncovered in a penetration test and remedied before the product went to market.

Slides. Video