How Not to IoT - Lessons in Security Failures

DEFCONConference via YouTube

Overview

Explore the dangerous landscape of IoT security through this DEF CON 33 conference talk that serves as both a cautionary guide for vendors and a survival manual for users. Discover common security failures plaguing Internet of Things devices, from WiFi credentials transmitted over unencrypted HTTP connections to devices that lie about their Android versions while coming pre-infected with malware. Learn how to identify insecure gadgets that expose clear-text admin passwords before authentication and examine multiple attack vectors that compromise device security. Witness live demonstrations of reverse engineering techniques applied to N-day command injection vulnerabilities in popular NAS devices and understand how static AES encryption keys can be discovered simply by reading documentation. Analyze why command injection remains the dominant threat in IoT environments compared to memory corruption exploits, including the technical challenges of implementing scalable memory corruption attacks and blind ROP techniques in IoT contexts. Gain insights into why BusyBox may not be the optimal choice for IoT development and understand the broader implications of treating security as an afterthought in device design. This presentation combines real-world vulnerability analysis with practical advice for both identifying and avoiding common IoT security pitfalls.

Syllabus

DEF CON 33 - How Not to IoT: Lessons in Security Failures - Zoltan "zh4ck" Balazs

Taught by

DEFCONConference
