BSides Iowa 2017
The Internet of Things (IoT) is not new terminology. However, the sheer amount of connected devices we have at home and at our businesses is growing exponentially and increasing the attack surface. Attacking and assessing IoT can easily lead us down a rabbit hole only to hit a wall on the other side. However we need to be extremely comprehensive in our methodology and not end up down that rabbit hole for too long. We’re here to discuss the attack footprint of a typical IoT infrastructure, whether at home or at the office. We will discuss a threat model and verification of a real-world IoT assessment including every component from hardware, protocols, mobile applications and devices, web APIs, etc. We will discuss attack vectors, attack motivation, typical attack vectors, and common shortfalls in IoT systems. Join David as he walks through an assessment of an IoT system including a high level threat model and attack chain discussion.