Live Q&A - Live Hack: Demonstrating Common IoT Security Weaknesses
Joe Hopper - Watch Now - Duration: 20:59
16:13:33 From Eric Lundquist : In the presentation you mentioned extra security measures in u-boot. Could you discuss that a little further. 16:13:52 From Erwin : Awesome live hack! Embarrassing how easy it was to get into devices. Have you any thoughts/numbers how many devices in the field are so easy to attack? 16:15:33 From Robert Hancock : Newer U-Boot versions have a way to password protect the console access (the password is stored hashed so you can't just extract it from the binary). Or you can just disable console access entirely. 16:16:04 From Erwin : Another thing is, you showed how to get Access to Linux based devices. Is getting access to FreeRTOS or bare metal devices as easy or are those per definition better? 16:19:27 From Eric Lundquist : Thanks! 16:23:47 From enrico perera : How do you work out a threat model if you can’t see ahead what someone will do ?My company makes a utility meter, should I assume someone is going to take a meter from (electric, gas, water) line as part of my threat model ? 16:24:20 From Erwin : Thanks for your detailed answer. 16:27:57 From Leandro Pérez : Thanks Joe... Amazing talk ???? 16:28:37 From jefcap : Do you have suggestions for secure update IoT devices? 16:28:38 From Phillip Kajubi : Are these the most common attacks you've seen in the field? what should we be most prepared for when designing? 16:31:42 From Phillip Kajubi : Thanks! 16:31:59 From Jay Cosper : thanks!