info@pentestpartners.com | +44 (0)20 3095 0500 | @PenTestPartners | www.youtube.com/PenTestPartnersLLP
Vulnerabilities in the Internet of Things
or
How weak mobile app code led us to a bunch of IoT bugs
Warning:
This presentation may contain hot liquids
(and swearing)
Basic mobile app security principle:
Write it securely
Obfuscate the code to make reverse engineering really tough
What’s the problem?
Huge increase in attack surface:
Mobile app security
Web app security
API security
Mobile device security
IoT device hardware/firmware security
RF security
For a manufacturer of ‘things’…
My Wi-Fi Kettle
Er yeah. Why?
Nice idea, if pointless
Future potential quite interesting
Coffee machine ships mid October
Security-fail central
Attacking a kettle
#1 port scan
#2 disassembly
#3 locate chipset manuals
#4 review source code
#5 find code fails
#6 0wnage
How to reverse Android apps
First, get the APK; ADB can extract it from the phone
Then decompile using Dex2Jar or Jadx
https://github.com/pxb1988/dex2jar
Figure out how the app works
Edit Dalvik bytecode using APKTool (smali)
https://ibotpeaches.github.io/Apktool/
Or simply edit resources it uses
Recompile, sign with any key, distribute
Attacking a kettle
Other crazy consequences:
Write your own client software – kudos to Mark J Cox
Geo-locate unconfigured wireless kettles
Geo-locate configured wireless kettles
‘Steamy windows’ attack, run up victim’s power bill
WIP: exploding kettle
Their latest releases
iKettle 2.0
Wi-Fi coffee machine
New app
New fun
More caffeine-fuelled reverse engineering
My Friend Cayla
Remember our sweary talking doll?
A year is a long time in security…
Attacking a kids’ doll
#1 hardware issues
#2 disassembly
#3 root phone
#4 locate local database
#5 modify content
#6 redeploy
Hacking Cayla
Diagram elements: Wikipedia API, Evil API, Bluetooth, Voice recognition, Local Q database + ‘badwords’
MITM: modify unencrypted data in transit
Evil phone, modified app: modify SQLite DB contents
Tamper with anti-swearing process
API call broken when Wikipedia enforced SSL!
Putting it right
Manufacturer clearly doesn’t ‘get’ security
“We will be issuing an update to the mobile app to fix the issues raised” – except they didn’t
Implementing SSL will help, so long as certificate pinning is enforced
Otherwise, MITM again
But, Bluetooth promiscuity cannot be fixed, as there is no security in the pairing process
Vendor updates the app
Our attack stopped working a while back, after the application was finally updated
They ‘fixed’ it by encrypting the database contents with SQLcipher
Er – ignoring the issues that actually mattered
My Friend Freddy Bear
Nothing changes…
Whilst reverse engineering the iOS version of Cayla’s app, a researcher found a ‘machine gun’ sound file in her code
Action Cayla?
Freddy Bear shipped this Xmas, equally vulnerable
Slightly more annoying
The media don’t help
CSI Cyber contacted us about My Friend Cayla
A talking doll involved in a murder. So we wrote a technically plausible ‘hack’ for them
In the end they just dubbed a Barbie-alike!
Hello Barbie
Totally different security model
BUT
Wi-Fi PSK stored on board
Potential to intercept mic
Some other data cached on board
…and parents can create accounts to view child’s activity
Samsung Smart Fridge
Samsung RF28HMELBSR Smart Fridge
View Google calendars, weather, recipes, TV etc
Did I say ‘utterly pointless’?
Spectacularly fails to properly encrypt your Gmail password
Drive past your house, attack fridge, steal your email
Samsung Washing machine
Samsung WW10H9600EW ‘smart’ washer
Work in progress, but allows remote control of your washing machine
Similar control to smart fridge
Wi-Fi network primary attack vector
Amusing conversation with installer:
“Can I plumb it in for you?”
“No thanks, I’m not using it for washing”
-> very confused look
At least SSL certs are validated
Hoover Wizard
Ready for a train wreck?
Time to look at the mobile app code
Static OAuth tokens for API
Plain text control on local network
with ‘encription’
Can we set fire to it?
Ring Wi-Fi doorbell
Remove doorbell
Unscrew two T6 Torx screws
Push setup button on rear of bell
Connect to embedded web server running on Gainspan Wi-Fi module
User’s Wi-Fi PSK displayed in plain text…
Ring Wi-Fi doorbell
For once, a vendor that actually responded quickly and effectively
Acknowledged bug within about 20 minutes of Twitter DM
Fix pushed within 2 weeks
But, still trackable:
Internet scales
FitBit Aria internet scales
Connects to your network over Wi-Fi
Shares weight & fatness through Fitbit online services
Set up guest-only: IDs the user by weight
Don’t eat too many pies overnight
Sends your home SSID to FitBit servers at registration, potential to identify user
Fitbit could therefore geolocate you with wigle.net
Nothing on the board appears to be encrypted
Limited processing power & storage
Setup mode PSK disclosure
Put kettle into setup mode – either push reset button, or take out batteries
Navigate to URL here
PSK disclosed in plain text
Found & reported, fixed in firmware 38
How we found it:
UART
SPI
JTAG
Star Wars
Remember this guy?
Surely BB-8 can’t have vulnerabilities?
Wearables
Wi-Fi is eminently more trackable than other RF technologies
Mostly due to war driving and wigle.net
Though still potential with Bluetooth, BT LE, Zigbee, Z-Wave
802.11ah HaLow concerning
What do you sync your device with?
Wearables – smart bra
Innovative approach to heart rate monitoring
Some discussion about being able to assess other stats, such as body temperature
Not quite shipping yet
www.omsignal.com
Can’t wait…
Wearables – tracking
The HRM in the smart clothing syncs with a smart phone and fitness app
Strava
MapMyRun
Nike+
Runkeeper
And Runtastic, which had a lovely vulnerability that allowed unauthenticated live tracking…
Tracking by fitness apps
Privacy for various activity tracking apps is dreadful
Runkeeper, MapMyRun, Strava, Runtastic
All had privacy settings off by default
Generally hard to find and configure privacy
Strava, in fairness, mailed users on day 2 to show how
Most had sequential session IDs
Runtastic had the shocking real-time tracking bug,
even when profile set to private
Only Nike+ seemed to get security & privacy ‘right’
iSpy Tank
Wi-Fi access point with tracks
Static creds to web interface
Take control from outside the victim’s house
Go spy!
Thermostats, LightwaveRF etc etc all being investigated
In summary
IoT product vendors have a lot to learn about security
So do some mobile app coders
Finding these bugs would have been really tough if the code had been properly obfuscated
Check out your mobile app code; look for the basics:
Is it obfuscated / encrypted?
Static credentials / static keys
Plain text communications / SSL pinning
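A defender-side self-audit for exactly those basics (static credentials and keys, plaintext HTTP, certificate pinning, obfuscation), as an added example that is not Pentest Partners’ code or the tooling used in the talk. It assumes the app has already been unpacked with apktool or jadx and is handed a mapping of file path to file text; the weak and hardened app trees are constructed samples.

```python
"""Static self-audit of a decompiled Android app for the basics on the
summary slide.  Added example, not Pentest Partners' tooling.
Assumes the APK has already been unpacked with apktool/jadx and that the
caller passes a mapping {file path: file text}; the trees at the bottom
are constructed samples, not real app code."""
import re
from os.path import basename, splitext

# Credential-style names followed (within a few characters) by a string literal
SECRET_RE = re.compile(
    r'(?i)\b(oauth[_-]?token|client[_-]?secret|api[_-]?key|password|secret[_-]?key)\b'
    r'[^"\n]{0,20}"([^"\n]{8,})"')
# Long hex or base64 literals are usually keys, tokens or IVs baked into the app
BLOB_RE = re.compile(r'"([A-Fa-f0-9]{32,}|[A-Za-z0-9+/]{40,}={0,2})"')
# Plain-text endpoints, and config that permits cleartext traffic
HTTP_RE = re.compile(r"""http://[^\s"'<>]+""")
CLEARTEXT_RE = re.compile(r'(usesCleartextTraffic|cleartextTrafficPermitted)="true"')
# Markers that the app pins certificates (OkHttp pinner or network security config)
PIN_MARKERS = ("CertificatePinner", "<pin-set")
CODE_EXT = {".java", ".kt", ".smali"}


def scan_file(path, text):
    """Return (kind, path, detail) findings for one decompiled source file."""
    findings = []
    for m in SECRET_RE.finditer(text):
        findings.append(("static-credential", path, m.group(1)))
    for m in BLOB_RE.finditer(text):
        findings.append(("key-like-literal", path, m.group(1)[:12] + "..."))
    for m in HTTP_RE.finditer(text):
        findings.append(("plaintext-http", path, m.group(0)))
    if CLEARTEXT_RE.search(text):
        findings.append(("cleartext-permitted", path, "cleartext traffic allowed"))
    return findings


def has_pinning(tree):
    """True if any file carries a certificate-pinning marker."""
    return any(marker in text for text in tree.values() for marker in PIN_MARKERS)


def looks_obfuscated(tree, threshold=0.5):
    """Heuristic: ProGuard/R8 rename most classes to one- or two-letter names."""
    stems = [splitext(basename(p))[0] for p in tree if splitext(p)[1] in CODE_EXT]
    if not stems:
        return False
    short = sum(1 for s in stems if len(s) <= 2)
    return short / len(stems) >= threshold


def audit(tree):
    """Run every check over the tree; an empty list means the basics are covered."""
    findings = []
    for path, text in tree.items():
        findings.extend(scan_file(path, text))
    if not has_pinning(tree):
        findings.append(("no-pinning", "<app>", "TLS without pinning: MITM still possible"))
    if not looks_obfuscated(tree):
        findings.append(("not-obfuscated", "<app>", "readable class names"))
    return findings


# Constructed sample: the kind of app the talk describes (hypothetical package)
WEAK_TREE = {
    "sources/com/example/wizard/ApiClient.java": (
        'public class ApiClient {\n'
        '    // same token for every install, so one APK leaks it for all users\n'
        '    static final String OAUTH_TOKEN = "wizard-app-token-2016-static";\n'
        '    static final String BASE_URL = "http://api.example.invalid/v1/";\n'
        '}\n'),
    "sources/com/example/wizard/LocalControl.java": (
        'public class LocalControl {\n'
        '    // "encryption" key for local-network control, shipped in the app\n'
        '    static final byte[] KEY = hex("00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff");\n'
        '}\n'),
    "AndroidManifest.xml": '<application android:usesCleartextTraffic="true"/>\n',
}

# Constructed sample of the same app after the fixes the talk calls for
HARDENED_TREE = {
    "sources/com/example/wizard/a/b.java": 'public class b { String c = "https://api.example.invalid/v1/"; }\n',
    "sources/com/example/wizard/a/c.java": 'public class c { /* token fetched per user at login, not stored */ }\n',
    "res/xml/network_security_config.xml": (
        '<pin-set><pin digest="SHA-256">PLACEHOLDER_PIN_BASE64</pin></pin-set>\n'),
}

if __name__ == "__main__":
    for kind, path, detail in audit(WEAK_TREE):
        print(f"{kind:20} {path}: {detail}")
    print("hardened findings:", audit(HARDENED_TREE))
```

The regexes are deliberately loose: they are meant to surface candidates for a human reviewer, not to prove an app clean.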
IoT Security Foundation
There’s hope yet!
Various bodies attempting to bring good practice to IoT manufacturers
Some progress by US FDA towards medical device security standards
IoT SF shortly to deliver initial self-cert for IoT security, followed by more robust compliance
The Internet of Things is a scary place
Be cynical, don’t adopt technologies that aren’t proven secure
@thekenmunroshow
@pentestpartners
Blog: www.pentestpartners.com
Ken Munro Pentest Partners IoT Forum 2016
  • 17. info@pentestpartners.com | +44 (0)20 3095 0500 | @PenTestPartners | www.youtube.com/PenTestPartnersLLP Vendor updates the app Our attack stopped working a while back, after the application was finally updated They ‘fixed’ it by encrypting the database contents with SQLcipher Er – ignoring the issues that actually mattered
  • 18. info@pentestpartners.com | +44 (0)20 3095 0500 | @PenTestPartners | www.youtube.com/PenTestPartnersLLP My Friend Freddy Bear Nothing changes… Whilst reverse engineering the iOS version of Cayla’s app, a researcher found a ‘machine gun’ sound file in her code Action Cayla? Freddy Bear shipped this Xmas, equally vulnerable Slightly more annoying
  • 19. info@pentestpartners.com | +44 (0)20 3095 0500 | @PenTestPartners | www.youtube.com/PenTestPartnersLLP The media don’t help CSI Cyber contacted us about My Friend Cayla A talking doll involved in a murder. So we wrote a technically plausible ‘hack’ for them In the end they just dubbed a Barbie-alike!
  • 20. info@pentestpartners.com | +44 (0)20 3095 0500 | @PenTestPartners | www.youtube.com/PenTestPartnersLLP Hello Barbie Totally different security model BUT Wi-Fi PSK stored on board Potential to intercept mike Some other data cached on board …and parents can create accounts to view child’s activity
  • 21. info@pentestpartners.com | +44 (0)20 3095 0500 | @PenTestPartners | www.youtube.com/PenTestPartnersLLP Samsung Smart Fridge Samsung RF28HMELBSR Smart Fridge View Google calendars, weather, recipes, TV etc Did I say ‘utterly pointless’? Spectacularly fails to properly encrypt your Gmail password Drive past your house, attack fridge, steal your email
  • 22. info@pentestpartners.com | +44 (0)20 3095 0500 | @PenTestPartners | www.youtube.com/PenTestPartnersLLP Samsung Washing machine Samsung WW10H9600EW ‘smart’ washer Work in progress, but allows remote control of your washing machine Similar control to smart fridge Wi-Fi network primary attack vector Amusing conversation with installer: “Can I plumb it in for you?” “No thanks, I’m not using it for washing” -> very confused look At least SSL certs are validated
  • 23. info@pentestpartners.com | +44 (0)20 3095 0500 | @PenTestPartners | www.youtube.com/PenTestPartnersLLP Hoover Wizard
  • 24. info@pentestpartners.com | +44 (0)20 3095 0500 | @PenTestPartners | www.youtube.com/PenTestPartnersLLP Hoover Wizard Ready for a train wreck? Time to look at the mobile app code Static oauth tokens for API Plain text control on local network with ‘encription’ Can we set fire to it?
  • 25. info@pentestpartners.com | +44 (0)20 3095 0500 | @PenTestPartners | www.youtube.com/PenTestPartnersLLP Ring Wi-Fi doorbell Remove doorbell Unscrew two T6 Torx screws, Push setup button on rear of bell Connect to embedded web server running on Gainspan Wi-Fi module Users Wi-Fi PSK displayed in plain text…
  • 26. info@pentestpartners.com | +44 (0)20 3095 0500 | @PenTestPartners | www.youtube.com/PenTestPartnersLLP Ring Wi-Fi doorbell For once, a vendor that actually responded quickly and effectively Acknowledged bug within about 20 minutes of Twitter DM Fix pushed within 2 weeks But, still trackable:
  • 27. info@pentestpartners.com | +44 (0)20 3095 0500 | @PenTestPartners | www.youtube.com/PenTestPartnersLLP Internet scales FitBit Aria internet scales Connects to your network over Wi-Fi Shares weight & fatness through Fitbit online services Set up guest-only IDs the user by weight Don’t eat too many pies overnight Sends your home SSID to FitBit servers at registration, potential to identify user Fitbit could therefore geolocate you with wigle.net Nothing on the board appears to be encrypted Limited processing power & storage
  • 28. info@pentestpartners.com | +44 (0)20 3095 0500 | @PenTestPartners | www.youtube.com/PenTestPartnersLLP Setup mode PSK disclosure Put kettle in to setup mode – either push reset button, or take out batteries Navigate to URL here PSK disclosed in plain text Found & reported, fixed in firmware 38 How we found it:
  • 29. info@pentestpartners.com | +44 (0)20 3095 0500 | @PenTestPartners | www.youtube.com/PenTestPartnersLLP
  • 30. info@pentestpartners.com | +44 (0)20 3095 0500 | @PenTestPartners | www.youtube.com/PenTestPartnersLLP UART SPI
  • 31. info@pentestpartners.com | +44 (0)20 3095 0500 | @PenTestPartners | www.youtube.com/PenTestPartnersLLP JTAG
  • 32. info@pentestpartners.com | +44 (0)20 3095 0500 | @PenTestPartners | www.youtube.com/PenTestPartnersLLP Star Wars Remember this guy? Surely BB-8 can’t have vulnerabilities?
  • 33. info@pentestpartners.com | +44 (0)20 3095 0500 | @PenTestPartners | www.youtube.com/PenTestPartnersLLP Wearables Wi-Fi eminently more trackable than other RF technologies Mostly due to war driving and wigle.net Though still potential with BlueTooth, BT LE, Zigbee, Z-Wave 802.11ah HaLow concerning What do you sync your device with?
  • 34. info@pentestpartners.com | +44 (0)20 3095 0500 | @PenTestPartners | www.youtube.com/PenTestPartnersLLP Wearables – smart bra Innovative approach to heart rate monitoring Some discussion about being able to assess other stats, such as body temperature Not quite shipping yet www.omsignal.com Can’t wait…
  • 35. info@pentestpartners.com | +44 (0)20 3095 0500 | @PenTestPartners | www.youtube.com/PenTestPartnersLLP Wearables – tracking The HRM in the smart clothing syncs with a smart phone and fitness app Strava MapMyRun Nike+ Runkeeper And Runtastic, which had a lovely vulnerability that allowed unauthenticated live tracking…
  • 36. info@pentestpartners.com | +44 (0)20 3095 0500 | @PenTestPartners | www.youtube.com/PenTestPartnersLLP Tracking by fitness apps Privacy for various activity tracking apps is dreadful Runkeeper, MapMyRun, Strava, Runtastic All had privacy settings off by default Generally hard to find and configure privacy Strava in fairness mailed users on day2 to show how Most had sequential session IDs Runtastic had the shocking real-time tracking bug, even when profile set to private Only Nike+ seemed to get security & privacy ‘right’
  • 37. info@pentestpartners.com | +44 (0)20 3095 0500 | @PenTestPartners | www.youtube.com/PenTestPartnersLLP iSpy Tank Wi-Fi access point with tracks Static creds to web interface Take control from outside the victim’s house Go spy! Thermostats, LightwaveRF etc etc all being investigated
  • 38. info@pentestpartners.com | +44 (0)20 3095 0500 | @PenTestPartners | www.youtube.com/PenTestPartnersLLP In summary IoT product vendors have a lot to learn about security So do some mobile app coders Finding these bugs would have been really tough if the code was properly obfuscated Check out your mobile app code; look for the basics: Is it obfuscated / encrypted? Static credentials / static keys Plain text communications / SSL pinning
  • 39. info@pentestpartners.com | +44 (0)20 3095 0500 | @PenTestPartners | www.youtube.com/PenTestPartnersLLP IoT Security Foundation There’s hope yet! Various bodies attempting to bring good practice to IoT manufacturers Some progress by US FDA towards medical device security standards IoT SF shortly to deliver initial self-cert for IoT security, followed by more robust compliance
  • 40. info@pentestpartners.com | +44 (0)20 3095 0500 | @PenTestPartners | www.youtube.com/PenTestPartnersLLP The Internet of Things is a scary place Be cynical, don’t adopt technologies that aren’t proven secure @thekenmunroshow @pentestpartners Blog:www.pentestpartners.com
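The self-check the summary slide recommends (static credentials or keys, plaintext endpoints, obfuscation, SSL pinning), as an added Python example that is not part of the deck or of any Pen Test Partners tooling: it runs those four checks over a constructed sample of decompiled Android sources. The file paths, class names, regex heuristics and the obfuscation threshold are all assumptions made for the example.

```python
import re

# Heuristics (constructed for this example) for the checklist on the summary slide:
# static credentials/keys, cleartext HTTP endpoints, obfuscation, SSL pinning.
SECRET_RE = re.compile(
    r'(?i)\b(\w*(?:api_?key|secret|oauth_?token|password|psk)\w*)\s*=\s*"([^"]{8,})"')
CLEARTEXT_RE = re.compile(r'"(http://[^"\s]+)"')
CLASS_RE = re.compile(r'\bclass\s+([A-Za-z_$][\w$]*)')
PINNING_RE = re.compile(r'CertificatePinner|checkServerTrusted|network_security_config')

# Constructed sample of decompiled sources; a real run would read a jadx/dex2jar output tree.
SAMPLE_SOURCES = {
    "com/example/kettle/ApiClient.java": '''
        public class ApiClient {
            static final String OAUTH_TOKEN = "static-oauth-token-0123456789";
            static final String BASE = "http://api.example.invalid/v1/";
        }''',
    "com/example/kettle/LocalControl.java": '''
        public class LocalControl {
            String host = "http://192.168.0.50/";
            String psk = "hunter2-is-not-a-psk";
        }''',
    "a/b/c.java": "public class c { void a(java.net.Socket s) {} }",  # ProGuard-style name
}

def find_static_secrets(sources):
    """(path, identifier) for string constants whose name suggests a baked-in credential."""
    return [(p, m.group(1)) for p, t in sources.items() for m in SECRET_RE.finditer(t)]

def find_cleartext_urls(sources):
    """(path, url) for every hard-coded http:// endpoint."""
    return [(p, m.group(1)) for p, t in sources.items() for m in CLEARTEXT_RE.finditer(t)]

def short_name_ratio(sources):
    """Share of class names of one or two characters; obfuscators rename most classes this way."""
    names = [m.group(1) for t in sources.values() for m in CLASS_RE.finditer(t)]
    return sum(len(n) <= 2 for n in names) / len(names) if names else 0.0

def audit(sources, obfuscation_threshold=0.5):
    """Run the four 'basics' checks and return the findings as a dict."""
    return {
        "static_secrets": find_static_secrets(sources),
        "cleartext_urls": find_cleartext_urls(sources),
        "obfuscated": short_name_ratio(sources) >= obfuscation_threshold,
        "pinning": any(PINNING_RE.search(t) for t in sources.values()),
    }

if __name__ == "__main__":
    for key, value in audit(SAMPLE_SOURCES).items():
        print(f"{key}: {value}")
```

Treat the output as a triage list: a keyword regex will miss secrets with unhelpful names and flag a few harmless constants, so each hit still needs a human look at the surrounding code.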