Loading...

DEF CON 23 - Crypto and Privacy Village - Craig Young - Smart Home Invasion

1,828 views

Loading...

Loading...

Transcript

The interactive transcript could not be loaded.

Loading...

Rating is available when the video has been rented.
This feature is not available right now. Please try again later.
Published on Dec 7, 2015

SMART HOME INVASION
Craig Young @craigtweets

BIO:
Craig is a computer security researcher with Tripwire's Vulnerability and Exposures Research Team (VERT). He has identified and disclosed dozens of vulnerabilities in products from Google, Amazon, IBM, NETGEAR, Adobe, HP, and others. His research has resulted in numerous CVEs and recognition in the Google Application Security Hall of Fame. Craig won in track 0 and track 1 of the first ever SOHOpelessly Broken contest at DEF CON 22 by demonstrating 10 0-day flaws in SOHO wireless routers.

ABSTRACT:
Smart home technology has been a dream for many perhaps inspired by the likes of George Jetson. Unfortunately the technology is in its infancy still and the question remains as to whether vendors can demonstrate the ability to make our homes smarter without simultaneously introducing new risks to personal safety and privacy. In an effort to answer this question, Tripwire VERT conducted a security assessment of the three top-selling ‘Smart Home Hub' products available on Amazon. The research revealed 0-day flaws in each product allowing an attacker to control smart home functionality. This presentation will reveal some of the findings from this study including vulnerability discoveries. If not addressed, smart home flaws can give rise to a new type of ‘smart criminal' able to case victims without being seen. Once a target is chosen, it is possible to unlock doors and disable security monitoring.

REASON:

Each product I tested had 0-day flaws
Two of the three products evaluated contained 0-day flaws allowing a remote attacker to gain root access with limited to no user-interaction required.
I will be demonstrating a PoC which determines the local IP address and searches for the vulnerable device.
The PoC described in #3 is still 0-day in official firmware, the latest RC firmware, and possibly in the latest beta firmware.

Loading...

When autoplay is enabled, a suggested video will automatically play next.

Up next


to add this to Watch Later

Add to

Loading playlists...