DEF CON 32 - Anyone can hack IoT- Beginner’s Guide to Hacking Your First IoT Device - Andrew Bellini

Views: 86,251

DEFCONConference

A day ago

Yes, anyone can hack IoT devices and I’ll show you how! It doesn’t matter if you’re an experienced pen tester in other fields, completely new to cybersecurity or just IoT curious, by the end of this talk you’ll have the knowledge to hack your first device. You might be thinking - but I thought IoT was complicated, required knowledge of hardware, and expensive tools. In this talk, I’m here to dispel those myths by directly showing you the methodology, tools and tactics you can use to go and hack an IoT device today (or maybe when you get home). I’ll cover what IoT devices are best for beginners, what tools you need (and don’t need), how to build a small toolkit for less than $100, common tactics to get a foothold into IoT devices and how to find your first vulnerability or bug.

Comments: 44
@Twoshoes22Jason, a month ago
Probably one of the clearest and most concise talks this year from what I've seen so far
@the_sandman00, 20 days ago
Found 5 vulnerabilities on the first day. 1 critical, 1 high. Thanks man. This sparked a curiosity
@weihe1220, 8 days ago
Hi bro, how did you do it? Can you share some relevant basic information?
@the_sandman00, 8 days ago
@ portscan -> found ftp -> did enumeration -> found default cred login -> in ftp rootfs access is granted -> dumped entire filesystem -> can modify entire fs, etc
@SmallTimeTrees, 2 days ago
@weihe1220 did you watch the video?
@74Gee, a month ago
Without a doubt this is the best IoT hacking speed run out there.
@coffeehousephilosopher7936, a month ago
This is why I love this channel, any talk I might have had to miss or force to choose over the other is right on this channel... Thanks DEFCONconferences
@Entropy67, a month ago
Wow super useful talk, thanks! I've been interested in IoT hacking but too busy to look into it, I just happen to have almost all the tools and a cheap router... And some free time...
@chsovi7164, a month ago
"we're expecting there to be a big surge of IoT devices because of AI" is just about the scariest news someone could drop
@frankwuolukka2087, 20 days ago
Great presentation, thank you for the clear and concise talk. I believe you said that folks there could get a copy of your slides but would you mind making them available to the rest of us?
@stevet7522, a month ago
These talks just reinforce the reason I don't have IoT, smart devices, or really much of anything in my house. The fact that I have wifi makes me paranoid enough.
@Frappe3621, a month ago
My iot lights use WiFi to make themselves into motion sensors! They send it between themselves and see where they are interrupted! Any WiFi enabled device could potentially do this, your WiFi can tell where you are in your house
@jean-naymar602, a month ago
@Frappe3621 New fear unlocked.
@cracc_baby, 10 days ago
bruh I'm kinda scared rn.. my cat's new litterbox needed to connect to wifi (allegedly for firmware updates), same with the vacuum! both made in China btw :(
@daviddunkelheit9952, a month ago
Power capacitors that are discharged can develop ‘phantom charge’ as the dielectric was in a contrary position physically for longer duration. Ambient charge is enough to cause the capacitors to return to previous charged state.
@theodorekorehonen, 13 days ago
A lot of devices nowadays have parasitic resistors to make them safe(r) but I still always short the big filter caps just to make sure. And I do indeed get some sparks sometimes
@GameX236, 3 days ago
Sounds fun!
@AndreeaCe, a month ago
1: pick the target, usually the target is the device not the person. Usually...
@ZambeziSentinel, 25 days ago
I took screenshots of all the slides and fed to my AI to summarise. Did a good job 😊
@ShermaMahdi, 24 days ago
Amazing idea💥 Did the same, thanks
@3rdeyesociety, 11 days ago
why wouldn't you just copy paste the transcript...
@ZambeziSentinel, 11 days ago
@3rdeyesociety on phone and can't copy. Tried that first
@ZambeziSentinel, 11 days ago
@3rdeyesociety I tried but phone would not let me. Took a while to get every slide lol
@eyezikandexploits, 29 days ago
Been making my own Shodan-type project locally scanning for IoT and rigged a grep script for it
@joew1865, a month ago
What was the software being used in the Reverse Engineering binaries & libs section?
@joew1865, a month ago
Nevermind... it's called Ghidra
@daviddunkelheit9952, 13 days ago
@joew1865 yes and it is suggested to use it with Amazon Corretto rather than regular Java
@claasschlueter, 16 days ago
Really enjoyed it! Thanks
@BsktImp, a month ago
07:58 Capacitors at even 5V or 12V: "hold my beer."
@AnonymousVv3, 8 days ago
Like Harvard or EC-COUNCIL University or etc for cyber degrees
@AmandaCook-rc8ce, 28 days ago
Hack or be hacked. It's like being blind while they all can see.
@daviddunkelheit9952, a month ago
I followed this beginner guide and I just couldn’t hack it.
@Pinkman875, 20 days ago
Does somebody know any resource to keep digging into IoT / hardware hacking?
@mk71b, a month ago
8:55 He should have said "unplug the power cord."
@radwizard, 24 days ago
Remember those books from the 90s and early 2000s that claimed this…. But when you read them, they are the basics to using a console or lessons on OSI and TCP/IP? 😂❤
@XRatedPoetry, a month ago
We need 6 more likes on this video! No more, no less!
@criticalgrower, a month ago
When I see someone who really knows what he's talking about ❤ How much I love that stuff. Unfortunately I'm not lucky and good enough to make a living with it. Bless Bellini, ciao
@andrewc.2952, 24 days ago
Is it sad that my immediate definition for an LoT device is that it means "Left on table". 😂 Like when people leave their devices unattended. Don't mind me, kinda new here. Lol
@AnonymousVv3, 8 days ago
Botnet: Online DDOS or DOS attack.
@iluvyunie, a month ago
this is why I never use my phone or pc to control any of these things
@Nicholas-f5, 23 days ago
Anyone hardware hacking in Austin, feel free to PM